On 12/06/2010 06:04 PM, Adam Williamson wrote: > On Mon, 2010-12-06 at 19:05 +0000, Daniel P. Berrange wrote: > >> The other benefit would be if the user only intended the >> service to be accessible to localhost, or a UNIX domain >> socket but for some reason screwed up their service's >> config & opened it to the world. > > I use it as a safety net for much this reason. I am not comfortable with > 100% guaranteeing that 'helpful' services we install by default like > Avahi are not doing things I really wouldn't want them to do when I > connect to some open wifi network.
I think this is where the zones work that was talked about will come in handy. If you connect to a new unknown network, default to firewalled until the user "trusts" the zone. But if you trust the zone, trust it, don't get in the way. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
