Il 17/12/2014 20:38, Matthew Miller ha scritto:
This is clearly, not the most friendly approach; it’s my understanding
that the desktop designers, network tools team, and security team are
going to work together to develop a better overall solution for Fedora
22 and beyond.
Maybe I put it too simple, but instead of opening all high ports by
default what about having firewall rules declared in RPMs for packages
that need to have ports opened? I mean, creating a script in the %post
section of the specfile where the packager can tell firewalld to open up
one or more ports. I know it's not perfect, because this solution covers
only packages that come from official repositories, but this can be a
start.
The alternative could be a "open approach" from Firewalld, where an
application, when it's executed, can inform firewalld that needs to open
a port, firewalld asks the user if it should grant access to the
application and then opens the port... but this needs to be implemented
in the source of every application, it can eventually be sponsored to
become a standard in the linux world.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
