[opensuse-project] Default Firewall Behavior / SMBclient
Ok. I'm just going to get this out of the way now that I have installed Milestone 8. http://blogs.zdnet.com/perlow/?p=11243 I am sick, utterly sick and tired of having to install the SAMBA packages and then punch a hole through the firewall with the Samba Server config tool in YAST2 just to make smbclient and network browsing on the desktop function. openSUSE has been doing this as default behavior for the last several releases. Yes, I know how to fix it. All of us who are power users know how to fix it. But your average end-user has no clue on how to fix this. Many of them will simply say, "Crap, I can't get my network functioning. Maybe Ubuntu wont be broken" Ubuntu, who is openSUSE's prime competition, has functioning SMB networking by default. http://blogs.zdnet.com/perlow/?p=11218 Can we please, please, pretty please, make SAMBA installed by default with the appropriate firewall rules applied as default behavior? One thing we might want to consider for future openSUSE releases is something like that "Role-based" configuration GUI that Windows Server 2008 R2 has, that automatically configures a set of services based on the way the system is going to be used. http://content.zdnet.com/2347-17924_22-293601-293615.html?seq=12 This could also be done during installation, where the installer would give a choice of "Workstation / Developer Workstation / File Server / Web Server" and the choice would apply the right set of packages and firewall settings. By default, all of the Live CD versions should have SMB networking out of the box functioning. -- Jason Perlow jperlow@gmail.com (201)735-5838 Twitter: http://twitter.com/jperlow Technology Columnist, ZDNet Tech Broiler (http://blogs.zdnet.com/perlow) Blogger/Podcaster, Off The Broiler (http://www.offthebroiler.com) LinkedIn Public Profile: http://www.linkedin.com/in/jasonperlow -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am Montag 05 Oktober 2009 schrieb Jason Perlow:
Ok. I'm just going to get this out of the way now that I have installed Milestone 8.
http://blogs.zdnet.com/perlow/?p=11243
I am sick, utterly sick and tired of having to install the SAMBA packages and then punch a hole through the firewall with the Samba Server config tool in YAST2 just to make smbclient and network browsing on the desktop function. openSUSE has been doing this as default behavior for the last several releases.
Yes, I know how to fix it. All of us who are power users know how to fix it. But your average end-user has no clue on how to fix this. Many of them will simply say, "Crap, I can't get my network functioning. Maybe Ubuntu wont be broken"
Ubuntu, who is openSUSE's prime competition, has functioning SMB networking by default.
Ubuntu has no default firewall to begin with, so I myself feel more secure with openSUSE. Installing samba by default is something that is only done for GNOME so far, doing so also for KDE sounds easy to fix, but you're the first one to ask. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
I don't want to remove the firewall, I think the firewall is good. All we need is the package installed by default, the services turned on, and the firewall rule set to permit those ports that the SMB/NMB protocol and the active directory stuff from SAMBA uses.
Ubuntu has no default firewall to begin with, so I myself feel more secure with openSUSE.
Installing samba by default is something that is only done for GNOME so far, doing so also for KDE sounds easy to fix, but you're the first one to ask.
Greetings, Stephan -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
-- Jason Perlow jperlow@gmail.com (201)735-5838 Twitter: http://twitter.com/jperlow Technology Columnist, ZDNet Tech Broiler (http://blogs.zdnet.com/perlow) Blogger/Podcaster, Off The Broiler (http://www.offthebroiler.com) LinkedIn Public Profile: http://www.linkedin.com/in/jasonperlow -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
BTW the firewall ports settings also apply to GNOME as well. IF we
open them for KDE we should open them for GNOME.
On Mon, Oct 5, 2009 at 11:13 AM, Jason Perlow
I don't want to remove the firewall, I think the firewall is good. All we need is the package installed by default, the services turned on, and the firewall rule set to permit those ports that the SMB/NMB protocol and the active directory stuff from SAMBA uses.
Ubuntu has no default firewall to begin with, so I myself feel more secure with openSUSE.
Installing samba by default is something that is only done for GNOME so far, doing so also for KDE sounds easy to fix, but you're the first one to ask.
Greetings, Stephan -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
-- Jason Perlow jperlow@gmail.com (201)735-5838
Twitter: http://twitter.com/jperlow
Technology Columnist, ZDNet Tech Broiler (http://blogs.zdnet.com/perlow)
Blogger/Podcaster, Off The Broiler (http://www.offthebroiler.com)
LinkedIn Public Profile: http://www.linkedin.com/in/jasonperlow
-- Jason Perlow jperlow@gmail.com (201)735-5838 Twitter: http://twitter.com/jperlow Technology Columnist, ZDNet Tech Broiler (http://blogs.zdnet.com/perlow) Blogger/Podcaster, Off The Broiler (http://www.offthebroiler.com) LinkedIn Public Profile: http://www.linkedin.com/in/jasonperlow -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
BTW the firewall ports settings also apply to GNOME as well. IF we open them for KDE we should open them for GNOME.
On Mon, Oct 5, 2009 at 11:13 AM, Jason Perlow
wrote: I don't want to remove the firewall, I think the firewall is good. All we need is the package installed by default, the services turned on, and the firewall rule set to permit those ports that the SMB/NMB protocol and the active directory stuff from SAMBA uses.
Ubuntu has no default firewall to begin with, so I myself feel more secure with openSUSE.
Installing samba by default is something that is only done for GNOME so far, doing so also for KDE sounds easy to fix, but you're the first one to ask.
Could I suggest that the firewall port opening is added as a default in the samba server setup rather than just as default ... that way they're closed for the people who don't configure (and activate) samba and get opened without hassle for those who use it. David -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am Dienstag 06 Oktober 2009 schrieb Administrator:
Could I suggest that the firewall port opening is added as a default in the samba server setup rather than just as default ... that way they're closed for the people who don't configure (and activate) samba and get opened without hassle for those who use it.
Use openFate to discuss new features please. This is highly offtopic for the mailing list. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Monday 05 October 2009 17:13:35 Jason Perlow wrote:
I don't want to remove the firewall, I think the firewall is good. All we need is the package installed by default, the services turned on, and the firewall rule set to permit those ports that the SMB/NMB protocol and the active directory stuff from SAMBA uses.
Let's open a feature for this (use http://features.opensuse.org), I've talked with some developers and AFAIK it's not trivial to open the firewall to enable samba browsing since there's not a single well-known port - and you don't want to open it to the complete internet, Andreas -- Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org} Twitter: jaegerandi | Identica: jaegerandi SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
Andreas Jaeger wrote:
On Monday 05 October 2009 17:13:35 Jason Perlow wrote:
I don't want to remove the firewall, I think the firewall is good. All we need is the package installed by default, the services turned on, and the firewall rule set to permit those ports that the SMB/NMB protocol and the active directory stuff from SAMBA uses.
Let's open a feature for this (use http://features.opensuse.org), I've talked with some developers and AFAIK it's not trivial to open the firewall to enable samba browsing since there's not a single well-known port - and you don't want to open it to the complete internet,
FW_CONFIGURATIONS_EXT="samba-client" This will not be the default though. If we start doing the we'll end up having all kinds of things enabled by default (slp, avahi, cups) just because it's convenient. This is not what the external zone is intended for and defeats the purpose of the firewall. A separate zone could be configured with such defaults though. Also, fwzs could be developed further¹. cu Ludwig [1] http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/ -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Ubuntu, who is openSUSE's prime competition, has functioning SMB networking by default.
Ubuntu has no default firewall to begin with, so I myself feel more secure with openSUSE.
Installing samba by default is something that is only done for GNOME so far, doing so also for KDE sounds easy to fix, but you're the first one to ask.
btw, do we have some Ubuntu vs. openSUSE material? thanks k -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
participants (6)
-
Administrator
-
Andreas Jaeger
-
Jason Perlow
-
Kálmán Kéménczy
-
Ludwig Nussel
-
Stephan Kulow