Really? Isn't established,related enough for the majority of uses?
Given firewald's integration and ability to do on-the-fly firewall rules
you would think you could just enable specific use cases at user request
(or even at app launch).
What use case were they coming up with needing all ports inbound open?
Telephony/Video conference?
Leaving it wide open on an untrusted network leaves a huge hole for
possible exploit. I'm thinking users setting up default DB instances,
all sorts of software with possible elevated privs might bind to high
ports by default.
Yuck,
David
On 12/09/2014 09:33 AM, Jan Rusnacko wrote:
Firewalld in F21 workstation will have opened all tcp and udp ports
above 1024.
On 12/09/2014 03:28 PM, finid(a)vivaldi.net wrote:
> I think I missed what the discussion is all about.
>
> What is the gist of the "open by default firewall" discussion?
>
>
> --
> finid
>
>
> On 2014-12-09 08:02, Jan Rusnacko wrote:
>> Hey guys,
>>
>> given that there is quite heated discussion about open by default
>> firewall, is this something we want to contribute to (as a team) ? Do
>> you think we a) can and b) should come with a statement and join the
>> discussion ?
>>
>> We started looking into making fedora more secure with PermitRootLogin
>> and this case seems similar (though with opposite outcome).
> _______________________________________________
> security-team mailing list
> security-team(a)lists.fedoraproject.org
>
https://lists.fedoraproject.org/mailman/listinfo/security-team