intrigeri:
> intrigeri wrote (01 Nov 2014 23:48:03 GMT) :
>> It's likely that quite some more time can be needed until we have
>> a full-fledged UI that gives us all we want, and allows us to switch
>> to "forbid RFC1918 by default" without breaking too many existing
>> usecases. Our UX folks are already busy with the Greeter revamp (that,
>> incidentally, might be part of what we need here).
>
>> So, a first (baby) step that could allow us to start moving in the
>> right direction would be to unconditionally allow access to a specific
>> list of ports only.
>
>> So, let's start listing usecases.
>
> So, the usecases we've listed are:
>
> * SSH
> * downloading from / uploading to a FTP server
> * printing a document on a network printer
> * going through whatever steps a captive portal asks me to;
> this generally involves DNS and HTTP
Note that for this last point, "HTTP" doesn't equal to "TCP on port 80"
unfortunately. I've seen captive portals redirecting my browser to a
different non-standard port at some point in their validation process.
I would also add:
* connecting to a local gobby server
--
sajolida