On Saturday, February 22, 2020 8:38:38 PM MST Samuel Sieb wrote:
On 2/22/20 7:34 PM, John M. Harris Jr wrote:
On Saturday, February 22, 2020 8:17:01 PM MST Samuel Sieb wrote:
On 2/22/20 7:07 PM, John M. Harris Jr wrote:
Glad to hear it. A quick note, Fedora Workstation (what I refer to as the "GNOME Spin") may send out an update which resets your firewall to their defaults, which would open you back up to attacks. I'll pass this along, and hopefully we can get a more sane firewall into Fedora's GNOME experience within the year..
I guarantee that the firewall will not be changing. It has been discussed at length in the past and that is what was decided on. Your opinion on it is noted, but will not change anything.
If it has been discussed at length, then you'd know that it makes no sense to open all of the ports that firewall zone opens. You've seen a real-world example of the harm that firewall zone causes in this very thread.
It makes sense and I didn't see any harm in this thread. Feel free to bring it up again, but all you'll do is annoy people.
It makes absolutely no sense. The ports it opens are all meant to run as the user, the ones that are, arguably, the most sensitive. It opens these on ALL interfaces BY DEFAULT, which is absolutely absurd. This means that everything binding a port as the user winds up open to every network they connect to, unless the end user explicitly goes and changes the firewall zone, which the GNOME UI doesn't even provide a way to do (unless something has changed), the use has to use firewall-cmd or open nm-connection-editor. The harm in this demonstrated in this thread was opening EVERY PROCESS THAT BINDS A PORT AS THE USER to THE ENTIRE INTERNET, on both IPv4 and IPv6.