Desktop/Whiteboards/Firewall

The problem with a static firewall, such as the one Fedora currently ships with iptables/system-config-firewall, is that it actively interferes with many things that users want to do with their desktops:


 * mDNS-related sharing:
   * Discovering any remote services (music, screen, printer, etc. shares and .local hosts)
   * Music sharing (via DAAP, in Rhythmbox, Banshee, etc.)
   * Personal File sharing (WebDAV, through gnome-user-share)
   * Desktop sharing (VNC, through vinagre)
   * Remote disk management (udisks and gnome-disk-utility)
   * Local network chats (Pidgin, Empathy)
 * UPnP-related:
   * DLNA music/movies/photos sharing (in Rygel, mediatomb, etc.)
 * Other:
   * Automatic discovery of printers and other services (CUPS specific)
   * ssh

Possible ways to improve the situation are:


 * Just turn the firewall off. Rely on not running any unnecessary network-facing services, and lock the necessary services down using SELinux.
 * Allow applications to poke holes in the firewall, under user control.
 * Handle different situations differently: no firewall when on the trusted 'home network', but a strict firewall when using coffee shop Wi-Fi.

Related bugs

 * Bug 179187 - gnome-user-share stymied by firewall
 * Bug 444427 - Avahi blocked by Firewall
 * Bug 440469 - RFE: Firewall: PolicyKit integration for desktop applications

Other OSes

 * Ubuntu's firewall is disabled by default
 * Mandriva's firewall has the same problem as Fedora's (they use shorewall)