FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Desktop

 
 
LinkBack Thread Tools
 
Old 11-10-2009, 06:27 AM
"Jˇhann B. Gu­mundsson"
 
Default Network Printing + Firewall..

Greetings...

Any reason why scanning the network for printers is blocked in firewall
on the desktop live cd after install ( tested with 09/11/09 i686 iso)
or is this something we missed?

JBG
--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-10-2009, 11:25 AM
Matthias Clasen
 
Default Network Printing + Firewall..

On Tue, 2009-11-10 at 07:27 +0000, "Jˇhann B. Gu­mundsson" wrote:
> Greetings...
>
> Any reason why scanning the network for printers is blocked in firewall
> on the desktop live cd after install ( tested with 09/11/09 i686 iso)
> or is this something we missed?
>

The firewall is an unsolved issue. We considered just turning it off for
F12 (as some have advocated), but didn't have the courage to do it in
the end. It is one of the bigger problems we have to tackle soon. It not
only torpedoes printing, it also sabotages file sharing, music sharing,
and so on.

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-11-2009, 08:47 AM
Gianluca Sforna
 
Default Network Printing + Firewall..

On Tue, Nov 10, 2009 at 1:25 PM, Matthias Clasen <mclasen@redhat.com> wrote:
> On Tue, 2009-11-10 at 07:27 +0000, "Jˇhann B. Gu­mundsson" wrote:
>> Greetings...
>>
>> Any reason why scanning the network for printers is blocked in firewall
>> on the desktop live cd after install ( tested with 09/11/09 *i686 iso)
>> or is this something we missed?
>>
>
> The firewall is an unsolved issue. We considered just turning it off for
> F12 (as some have advocated), but didn't have the courage to do it in
> the end. It is one of the bigger problems we have to tackle soon. It not
> only torpedoes printing, it also sabotages file sharing, music sharing,
> and so on.

Would something like the SELinux troubleshooter (BTW, I just love the
F12 one, kudos to the developers), catching denials generated by the
firewall and presenting the user a dialog to allow pinching the
appropriate ports, be a worth project to pursue? maybe something like
this do exist somewhere?

--
Gianluca Sforna

http://morefedora.blogspot.com
http://www.linkedin.com/in/gianlucasforna

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-11-2009, 12:40 PM
Matthias Clasen
 
Default Network Printing + Firewall..

On Wed, 2009-11-11 at 10:47 +0100, Gianluca Sforna wrote:
> On Tue, Nov 10, 2009 at 1:25 PM, Matthias Clasen <mclasen@redhat.com> wrote:
> > On Tue, 2009-11-10 at 07:27 +0000, "Jˇhann B. Gu­mundsson" wrote:
> >> Greetings...
> >>
> >> Any reason why scanning the network for printers is blocked in firewall
> >> on the desktop live cd after install ( tested with 09/11/09 i686 iso)
> >> or is this something we missed?
> >>
> >
> > The firewall is an unsolved issue. We considered just turning it off for
> > F12 (as some have advocated), but didn't have the courage to do it in
> > the end. It is one of the bigger problems we have to tackle soon. It not
> > only torpedoes printing, it also sabotages file sharing, music sharing,
> > and so on.
>
> Would something like the SELinux troubleshooter (BTW, I just love the
> F12 one, kudos to the developers), catching denials generated by the
> firewall and presenting the user a dialog to allow pinching the
> appropriate ports, be a worth project to pursue? maybe something like
> this do exist somewhere?

That is what most developers immediately think of as the 'solution' to
this issue. But it is not a solution, really. It is moving the problem
to the user and asking him to make decisions he is not ready to make.

What would you answer if a dialog spontaneously pops up that says


Program /usr/bin/greqrml wants to listen on port 978. This may be
dangerous.
[Allow][Deny][No idea, you decide]


A better approach would be to use information about the 'network
environment' and make decisions based on that. E.g allow rhythmbox to
share music on your home network, but not in the coffee shop. Of course,
this need informations about the 'trust level' or privacy of the
network.


Matthias

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-11-2009, 03:31 PM
Thomas Woerner
 
Default Network Printing + Firewall..

On 11/11/2009 02:40 PM, Matthias Clasen wrote:

On Wed, 2009-11-11 at 10:47 +0100, Gianluca Sforna wrote:

On Tue, Nov 10, 2009 at 1:25 PM, Matthias Clasen<mclasen@redhat.com> wrote:

On Tue, 2009-11-10 at 07:27 +0000, "Jˇhann B. Gu­mundsson" wrote:

Greetings...

Any reason why scanning the network for printers is blocked in firewall
on the desktop live cd after install ( tested with 09/11/09 i686 iso)
or is this something we missed?



The firewall is an unsolved issue. We considered just turning it off for
F12 (as some have advocated), but didn't have the courage to do it in
the end. It is one of the bigger problems we have to tackle soon. It not
only torpedoes printing, it also sabotages file sharing, music sharing,
and so on.


Would something like the SELinux troubleshooter (BTW, I just love the
F12 one, kudos to the developers), catching denials generated by the
firewall and presenting the user a dialog to allow pinching the
appropriate ports, be a worth project to pursue? maybe something like
this do exist somewhere?


That is what most developers immediately think of as the 'solution' to
this issue. But it is not a solution, really. It is moving the problem
to the user and asking him to make decisions he is not ready to make.

What would you answer if a dialog spontaneously pops up that says


Program /usr/bin/greqrml wants to listen on port 978. This may be
dangerous.
[Allow][Deny][No idea, you decide]


A better approach would be to use information about the 'network
environment' and make decisions based on that. E.g allow rhythmbox to
share music on your home network, but not in the coffee shop. Of course,
this need informations about the 'trust level' or privacy of the
network.

And there is a older bugzilla requesting to add the ability to classify
network connections in NetworkManager: #472784


The original title was: Home mode/HotSpot mode in NetworkManager



Matthias


Thomas

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 

Thread Tools




All times are GMT. The time now is 01:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ę2007 - 2008, www.linux-archive.org