<div dir="ltr">+1 - I've added 'firewall-config' to my remix and changed the default zone to 'public'. I'm not sure what the impact would be of closing off dhcpv6-client and mdns is so I left those open. I left ssh open because the service is disabled by default.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 8, 2014 at 4:35 PM, Kevin Kofler <span dir="ltr"><<a href="mailto:kevin.kofler@chello.at" target="_blank">kevin.kofler@chello.at</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Alec Leamas wrote:<br>
> Tracking this issue back we find [1] where the workstation group tried<br>
> to just disable the firewall. This started some threads. FESCO rejected<br>
> the change request.<br>
><br>
> For me, this issue then disappeared from my radar. It seems that after<br>
> FESCO turned down the wide-open system option the discussion was in the<br>
> workstation list, where they ended up opening all user ports (?) and<br>
> implemented this.<br>
<br>
</span>To me, it is obvious that the Workstation WG is in deliberate contempt of<br>
FESCo's decision. That alone ought to lead to sanctions from FESCo. In<br>
addition, FESCo's decision must be implemented properly by a security update<br>
ASAP. A wide-open firewall is a security issue. We CANNOT leave it unfixed.<br>
(For a precedent, where a deliberate security hole was forced to be closed<br>
in an update, see the Fedora 12 PackageKit policy fiasco:<br>
<a href="https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00926.html" target="_blank">https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00926.html</a> )<br>
<span class="HOEnZb"><font color="#888888"><br>
Kevin Kofler<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
--<br>
devel mailing list<br>
<a href="mailto:devel@lists.fedoraproject.org">devel@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/devel</a><br>
Fedora Code of Conduct: <a href="http://fedoraproject.org/code-of-conduct" target="_blank">http://fedoraproject.org/code-of-conduct</a></div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Twitter: <a href="http://twitter.com/znmeb" target="_blank">http://twitter.com/znmeb</a>; OSJourno: Robust Power Tools for Digital Journalists <a href="https://osjourno.com" target="_blank">https://osjourno.com</a> <a href="http://j.mp/CompJournoStickOverview" target="_blank"></a><br><br>Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.</div></div></div>
</div>