Wow. For 2 days I don't check my old thread and then everything is discussed already...

Unfortunately, I must side with my namesake on this issue, Johannes.

On Tue August 3 2010 04:46:46 Johannes Meixner wrote:
> There should be no recommendation to open any port in the firewall. But the current popup texts could be misunderstood to do it. Therefore I filed https://bugzilla.novell.com/show_bug.cgi?id=627799 [...]
> Additionally you may have a look at https://bugzilla.novell.com/show_bug.cgi?id=610327

I had not seen those. I will not debate the issue in bugzilla and I'll respect that you have the final word there. But apparently you don't see that all you are doing is making YaST2 less convenient for administrators, not the setup more secure. YaST2 is one of the best features openSUSE has, exactly because it makes advanced administration more convenient. An inexperienced user will simply use the defaults and will follow all the security warnings that you include, because he/she doesn't know all the details (and they will NOT read the very long SDB article you wrote). To be as secure as you are driven to make this setup, it is sufficient to make the default secure and to include warnings in all the other configurations, as it is done with the partitioning tool.
>> Any sane reason to make this process less convenient?
> This is intentionally to avoid that almost all normal users open a security hole because in the usual network environments, the IPP port should never be opened for the EXT zone, see http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

That is precisely where you get things mixed up. Normal users will not read or understand your SDB article. Not that it is not well written, but it is too long and too complex. You are not making them more secure by removing the "cups" one-button function in YaST2. They will use the default or ask for help. But for us, it's a PITA and removes power from YaST. You say that we are still free to open the port in the firewall. Of course, but what is the point of YaST, if not making administration steps more convenient and less prone to typos?

Again, look at the partitioning tool in YaST and see how the cups setup should be done. It protects all sensitive and dangerous areas with a lot of warnings, but instead of telling us "now, go and use gpart or parted", it offers us a very convenient and powerful GUI front end for these dangerous tools. That is what your CUPS setup should do and you would be highly praised by all of us.

In addition, Carlos ER has indeed a good point that you unfortunately dismiss with "In particular responses as yours prove that I am right not to offer our users a too easy "just one click" way in YaST which removes firewall protection completely from CUPS." You are here showing that you "think" you are right, just because you did not understand our use scenario. In your other responses you show that you do not trust routers with firewall that you don't build yourself. But the fact is there are home routers running solid embedded Linux on them, and there are also situations as in my university department, which is protected by a very solid firewall from the world, but still I would not trust every computer in our LAN. By keeping the firewall on and treating the network as external, we are at least protected against unforeseen situations, "when whatever kind of server process was started by accident", as you say in your article.
I like your idea of "specifying the IP address of the trusted internal network via FW_TRUSTED_NETS in the firewall configuration". I think this will further strengthen my setup at the university. Please, reconsider your design of this YaST tool, not from the point of view of security (I certainly won't advocate making openSUSE less secure out of the box), but from the point of view of robust and convenient advanced administration.

--
Carlos F Lange
-- Recursive: Adj. See Recursive. --