Hello Vitaly,

I don't think that's normal.  I don't remember any moment in all these years using Fedora that I ever had a completely disabled firewall.  If you ask me, that's a bug.

Kind regards,
Lailah




On Mon, 26 Aug 2019 at 14:31, Vitaly Zaitsev via devel <devel@lists.fedoraproject.org> wrote:
Hello all.

Is it okay that firewall is completely disabled by default (opened all
ports 1025-65535) on Fedora Workstation?

I think that this is a major vulnerability and it must be fixed by
changing default zone to public.

firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

--
Sincerely,
  Vitaly Zaitsev (vitaly@easycoding.org)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org