Re: Firewall configuration [was Re: no external panels for gnome-control-center]
- From: Bastien Nocera <hadess hadess net>
- To: Shaun McCance <shaunm gnome org>
- Cc: desktop-devel-list gnome org
- Subject: Re: Firewall configuration [was Re: no external panels for gnome-control-center]
- Date: Fri, 13 May 2011 01:41:58 +0100
On Thu, 2011-05-12 at 20:06 -0400, Shaun McCance wrote:
> On Thu, 2011-05-12 at 18:14 -0400, David Zeuthen wrote:
> > Why? Because the premise of System Settings in GNOME 3 is,
> > surprisingly, to change your system settings or personalize the
> > experience. E.g. we think it genuinely makes sense to e.g. add a
> > printer, change your desktop background, create an user account and so
> > on. We should strive to make this as easy as possible and having 20
> > panels such as "Java Settings" or "HTTPD Control" or even "Firewall"
> > is something that gets in the way.
> I'm hesitant to jump in the middle of this. I don't want to have
> an argument, but I do think our designers should at least look
> at the case of firewalls.
The problem is that nobody has written a usable interface for it.
What we looked at was:
And the person working on system-config-firewall at Red Hat is working
on making the backend not suck so we can implement the concept of zones
(of varying security), and integrates that with NetworkManager and the
Sharing & Privacy panel:
The backend should work on pretty much any Linux distribution after
that. Note that the data about the backend and the concept of zones is
correct, the mockups are pretty far from what we intend on implement (if
those are needed at all in fact).
> Configuring Apache is entirely orthogonal to your desktop, but
> firewall configuration generally is not. We have quite a few
> places in the user help where we say "Depending on how GNOME
> was installed, you might have to change your firewall settings
> for this to work." And we have to say that because some distros
> block certain ports by default, and that actually affects the
> sorts of things we talk about in the user help.
> Unfortunately, we can't give real directions on what to do,
> so we have a page that has some hand-wavy instructions that
> are probably sufficient for some people.
> So I guess my rule of thumb is, if it's something we find we
> need to mention in the desktop help, it's something we ought
> to look at dealing with in the desktop.
Feel free to follow the discussions about firewalls on the
fedora-desktop list. The fact is that the firewall story sucks on pretty
much every Linux distro, and the concepts used by third-party firewalls
on Windows is wrong as well. Windows 7's concept of zones (home vs.
office vs. public network) is pretty much right on the money, even if
the UI is a bit tedious.
] [Thread Prev