What was the justification?  I can understand not interfering with outbound ports greater than 1024.  However, inbound SYN requests should only be allowed to specific ports (in some cases, from defined sources).  In other words, enumerate the good and deny by default.

- Tim

On Dec 9, 2014 9:33 AM, "Jan Rusnacko" <jrusnack@redhat.com> wrote:
Firewalld in F21 workstation will have opened all tcp and udp ports above 1024.

On 12/09/2014 03:28 PM, finid@vivaldi.net wrote:
> I think I missed what the discussion is all about.
>
> What is the gist of the "open by default firewall" discussion?
>
>
> --
> finid
>
>
> On 2014-12-09 08:02, Jan Rusnacko wrote:
>> Hey guys,
>>
>> given that there is quite heated discussion about open by default
>> firewall, is this something we want to contribute to (as a team) ? Do
>> you think we a) can and b) should come with a statement and join the
>> discussion ?
>>
>> We started looking into making fedora more secure with PermitRootLogin
>> and this case seems similar (though with opposite outcome).
> _______________________________________________
> security-team mailing list
> security-team@lists.fedoraproject.org
> https://lists.fedoraproject.org/mailman/listinfo/security-team

--
Jan Rusnacko, Red Hat Product Security
_______________________________________________
security-team mailing list
security-team@lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/security-team