+1 - I've added 'firewall-config' to my remix and changed the default zone to 'public'. I'm not sure what the impact of closing off dhcpv6-client and mdns would be, so I left those open. I left ssh open because the service is disabled by default.

On Mon, Dec 8, 2014 at 4:35 PM, Kevin Kofler <kevin.kofler@chello.at> wrote:
Alec Leamas wrote:
> Tracking this issue back we find [1] where the workstation group tried
> to just disable the firewall. This started some threads. FESCO rejected
> the change request.
>
> For me, this issue then disappeared from my radar. It seems that after
> FESCO turned down the wide-open system option the discussion was in the
> workstation list, where they ended up opening all user ports (?) and
> implemented this.

To me, it is obvious that the Workstation WG is in deliberate contempt of
FESCo's decision. That alone ought to lead to sanctions from FESCo. In
addition, FESCo's decision must be implemented properly by a security update
ASAP. A wide-open firewall is a security issue. We CANNOT leave it unfixed.
(For a precedent, where a deliberate security hole was forced to be closed
in an update, see the Fedora 12 PackageKit policy fiasco:
https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00926.html )

        Kevin Kofler



--
Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for Digital Journalists https://osjourno.com

Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.