From Fedora Project Wiki

< Desktop‎ | Whiteboards

Revision as of 04:39, 4 November 2008 by Mclasen (talk | contribs)

The problem with a static firewall as Fedora currently ships with iptables/system-config-firewall is that it actively interferes with a lot of things that users want to do with their desktops:

  • Automatic discovery of printers and other services
  • Music sharing (eg via DAAP)
  • File sharing
  • Desktop sharing (eg via VNC)

Possible ways to improve the situation are:

  • Just turn the firewall off. Rely on not running any unnecessary network-facing services, and lock the necessary services down using SELinux.
  • Allow applications to poke holes in the firewall, under user-control
  • Handle different situations differently: no firewall when on the trusted 'home network', but strict firewall when using coffee shop wifi