From Fedora Project Wiki

The problem with a static firewall, such as the one Fedora currently ships with iptables/system-config-firewall, is that it actively interferes with a lot of things that users want to do with their desktops:

  • mDNS related sharing:
    • Discovering any remote services (music, screen, printer, etc. shares and .local hosts)
    • Music sharing (via DAAP, in Rhythmbox, Banshee, etc.)
    • Personal File sharing (WebDAV, through gnome-user-share)
    • Desktop sharing (VNC, through vinagre)
    • Remote disk management (udisks and gnome-disk-utility)
    • Local network chats (Pidgin, Empathy)
  • UPnP related:
    • DLNA music/movies/photos sharing (in Rygel, mediatomb, etc.)
  • Other:
    • Automatic discovery of printers and other services (CUPS specific)
    • ssh

Possible ways to improve the situation are:

  • Just turn the firewall off. Rely on not running any unnecessary network-facing services, and lock the necessary services down using SELinux.
  • Allow applications to poke holes in the firewall, under user control.
  • Handle different situations differently: no firewall when on the trusted 'home network', but a strict firewall when using coffee shop Wi-Fi.

Related bugs

Other OSes

  • Ubuntu's firewall is disabled by default
  • Mandriva's firewall has the same problem as Fedora's (they use shorewall)