On Tue, Aug 27, 2019 at 5:59 AM, Christopher <ctubbsii@fedoraproject.org> wrote:

The current status is that the Workstation WG never came up with a solution in 5 years, and new people are finding this default configuration and getting upset about the failure of Fedora Workstation to meet basic security expectations. Since Workstation WG has not come up with any better solution over the course of 10 Fedora releases / 5 years, and the default insecure status persists, I think it's reasonable to conclude that FESCo's trust in the Workstation WG's ability to come up with a satisfactory solution was misplaced. I would strongly urge the current FESCo require Worksation to adopt the same secure default configuration as Server, until such a time as Workstation WG comes up with a solution for Workstation that can *honestly* clear the change proposal process.

To be clear, we have never had any plans to work on this.

If there is a separate team of firewall developers that would be interested in writing a new style of firewall, then I'm sure the WG would be happy to reopen discussion of the issue, including a discussion of requirements, etc. But I highly doubt anybody will be interested in this effort to reenable a stricter firewalld configuration. This doesn't seem like a serious effort to think about how a firewall could be useful, it just seems like an effort to break software.