On Mon, 2019-08-26 at 14:51 -0400, Dan Book wrote:
On Mon, Aug 26, 2019 at 8:31 AM Vitaly Zaitsev via devel <
devel(a)lists.fedoraproject.org> wrote:
> Hello all.
>
> Is it okay that firewall is completely disabled by default (opened all
> ports 1025-65535) on Fedora Workstation?
>
> I think that this is a major vulnerability and it must be fixed by
> changing default zone to public.
>
> firewall-cmd --list-all
> FedoraWorkstation (active)
> target: default
> icmp-block-inversion: no
> interfaces: enp1s0
> sources:
> services: dhcpv6-client mdns samba-client ssh
> ports: 1025-65535/udp 1025-65535/tcp
> protocols:
> masquerade: no
> forward-ports:
> source-ports:
> icmp-blocks:
> rich rules:
>
I agree that this is quite ill advised. As the maintainer of the Cinnamon
spin, can anyone answer whether (1) this would affect spins other than
Workstation,
You get this config if VARIANT_ID in /etc/os-release is set to
'workstation', so only if fedora-release-workstation is installed. See
'rpm -q --scripts firewalld'.
and (2) if so, how to fix it?
See above.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net