FirewallBuddy

[Oswald Buddenhagen]

On Mon, Feb 16, 2009 at 07:13:50PM +0100, Thiago Macieira wrote:
> Em Domingo 15 Fevereiro 2009, às 05:19:47, Tejas Dinkar escreveu:
> > The 'bug' I want to address is that when applications open a port (such
> > as a file sharing app), the application thinks that everything is good,
> > while IPTables is secretly blocking everything in an out of the system.
> > Oops.
> 
> Wouldn't that be intentional then?
> 
kind of ...

> I think we shouldn't provide an API for this. If the system is firewalled, it's 
> for a good reason. If you have an interactive firewall, you'll find out that 
> there are connection attempts going on, which means you may want to open the 
> port.
> 
> What's more, the big problem users face today is not the firewall on their 
> machines, but the fact that they are behind NAT and a firewall server.
>
that's what upnp exists for ...
it certainly is counter-productive when the firewall is just a
firewall. if it is primarily a nat router, things look a bit
differently.

specifically regarding the API proposal, i don't like the idea at all.
it should go into the direction of something upnp-encompassing and
policykit-integrated. there was some talk on xdg-list in the past, i
think.