<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 12/09/2014 10:11 AM, Bastien Nocera
wrote:<br>
</div>
<blockquote
cite="mid:1756234756.20266693.1418137911455.JavaMail.zimbra@redhat.com"
type="cite"><br>
<pre wrap="">
The defaults for the various products are "packaged" by zones. You just need
to change the firewalld zone to get whatever is the default on the server side.
</pre>
</blockquote>
<br>
Ok, so it's another item on my list of "things to fix that fedora
didn't get right" after I do an install. <br>
<br>
The release notes are misleading, at best. All of the arguments
I've heard used to justify this change have been boiled down to "end
users don't understand networking" -- which means that calling this
feature "developer oriented" in the release notes is wrong. <br>
<br>
There should be a far larger warning that any software that opens a
non-privileged port is accessible to the world. If I didn't do
development (and if I hadn't read this thread) then I would probably
have skipped that section and left my machine open to the world.<br>
<br>
<br>
<blockquote
cite="mid:1756234756.20266693.1418137911455.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">
Or better, use VMs to deploy test instances which would have the same set of packages
and configuration as a Fedora Server version.
</pre>
</blockquote>
<br>
Proposing VMs is just moving the goalposts, especially if I have
client-oriented software that wants to open ports. And for
developer things it means maintaining/securing two installations
instead of one.<br>
<br>
<br>
</body>
</html>