Obviously having the firewall disabled by default is not a good idea. If there is already
a lack of control in the firewall rules to virtual machines that we use on a daily basis
for development/management/tests...
For a "desktop user" it is even a bad idea. It is common to use automatic discovery
protocols for multimedia devices, P2P, gateways, etc. But always on trusted networks. So it
makes more sense to have specific profiles according to the network, e.g.: Do you really
trust the wireless network in a coffee shop? An airport? I do not think so.
A firewall is not just port filtering; it also avoids problems of network traffic
management, spoofing attacks, etc.
Francisco Alonso / Red Hat Product Security
PGP: 0xA026440E 0825 020C 7A5A 4F86 9038 B1C8 5562 688F A026 440E
----- Original Message -----
From: "Jan Rusnacko" <jrusnack(a)redhat.com>
To: "security-team" <security-team(a)lists.fedoraproject.org>
Sent: Tuesday, December 9, 2014 3:02:45 PM
Subject: Ongoing open-firewall discussion
Given that there is quite a heated discussion about the open-by-default firewall,
is this something we want to contribute to (as a team)? Do you think we a)
can and b) should come up with a statement and join the discussion?
We started looking into making Fedora more secure with PermitRootLogin and
this case seems similar (though with opposite outcome).
Jan Rusnacko, Red Hat Product Security