Open wkirkpa1 opened 8 years ago
Thank you. This is a valid concern. It may be partially addressed by also allowing certain destinations, like e.g. allow konqueror access to *.wordpress.com. This will of course create a usability mess for novices.
@wkirkpa1 On Android you have NetGuard ;) Regarding KDE or any other app for that matter, you know there's a price to pay (not money, but something more valuable that you can't get back... time) if you just blindly trust it with your data without researching it before deciding it's a good idea to run it (yes, open source access and many eyes help).
Did you test proxies before writing that, I mean LPFW won't trigger an access attempt to 127.0.0.1:port or LocalIP:port or something?
You could block all traffic for your entire box to be sure, run selected applications (like konqueror) in a tight sandbox (e.g. firejail) with a separate network stack, then allow only selected network connectivity you need for the sandbox, and never allow kPhoneHome or any other kApp to be in the same sandbox.
I just played with lpfw for awhile and maybe I'm missing something, but the notion that ipfw firewalls applications to the level suggested in the readme isn't exactly true. Don't get me wrong, ipfw seems to to a fine job in the traditional Unix/Linux paradium, but today's desktop has completely trashed that. So, here's just a couple ...
With every Android clock app on Google's play store demanding access to my Contacts, Photos, and Persoanl Information, I thought something like this on the desk couldn't hurt. I'm not worried so much about the stuff from signed distrubution repositories, but some people are I guess. They should know lpfw isn't going to protect them to the extent they think it might.