On Mon, Aug 26, 2019 at 8:31 AM Vitaly Zaitsev via devel <devel@lists.fedoraproject.org> wrote:
Hello all.

Is it okay that firewall is completely disabled by default (opened all
ports 1025-65535) on Fedora Workstation?

I think that this is a major vulnerability and it must be fixed by
changing default zone to public.

firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

I agree that this is quite ill advised. As the maintainer of the Cinnamon spin, can anyone answer whether (1) this would affect spins other than Workstation, and (2) if so, how to fix it?

Thanks,
-Dan