GNOME Bugzilla – Bug 336201
Use firewalld to poke a hole in the firewall
Last modified: 2014-06-25 15:33:08 UTC
Currently gnome-user-share creates a httpd-server listening on some random high-level port. This is fine until one uses a firewall. The port on which the httpd is listenig should be configurable by the user (perhaps in some advanced options), so that the port could be opened on the firewall because it is then known. It is no good idea to force the user to drop shields...
Created attachment 62135 [details] Mockup of advanced option integration into properties dialog I have done a quick mockup based on the original .glade file to better understand what I mean. If the user enters a port in the advanced options of the properties dialog, this would override the actual behaviour. Of course a checking of the port must be done and in case an error occurs the user must be informed about the problem.
This sounds like a good idea to me. Anyone wanna work on it?
I'd rather not have any configuration of the sort in gnome-user-share. What would be better, would be a PolicyKit integrated service that would punch holes in the firewall for us, and plug them when the application goes away.
*** Bug 522442 has been marked as a duplicate of this bug. ***
Like Bastien Nocera said, no need changes in the UI. Simply, if firewalld is enabled when user allow the sharing with httpd, send a request by DBus to firewalld for open the using port. And when user stop the sharing with httpd, send another request to close the using port. Really, no changes need in the UI.
Will be fixed in the next version of Fedora, see: http://www.hadess.net/2014/06/firewalls-and-per-network-sharing.html