F21 System Wide Change: Workstation: Disable firewall

Reindl Harald h.reindl at thelounge.net
Tue Apr 15 14:42:53 UTC 2014

Am 15.04.2014 16:28, schrieb Christian Schaller:
> ----- Original Message -----
>> From: "Reindl Harald" <h.reindl at thelounge.net>
>> To: devel at lists.fedoraproject.org
>> Sent: Tuesday, April 15, 2014 11:40:20 AM
>> Subject: Re: F21 System Wide Change: Workstation: Disable firewall
>> Am 15.04.2014 11:32, schrieb drago01:
>>> On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl at thelounge.net>
>>> wrote:
>> allow any random application to open a unprivlieged
>> port which is reachable from outside is dangerous
> We already allow that and have for a long while. Any application bothering to support 
> the firewalld dbus interface can open any port they wish to.

that is bad enough *but now* we disable any firewall at all?

> There was a long thread about this on the desktop mailing list, and I was 
> not in the 'disable the firewall' camp in that discussion, but nobody in 
> that thread or here have articulated how the firewall exactly enhance security 
> in the situation where we at the same time need to allow each user to have any 
> port they desire opened for traffic to make sure things like DLNA or Chromecast 
> works.

that is pretty easy - defaults have to be closed anything and the user
have to make a choice for, otherwise if there are cirtical security
updates after a release you have *exactly* the same as WinXP SP2

try it out on a public reachable IP, you will not survive the time
you need to apply the security updates because you are infected
long before

honestly if these days i would consider switch to linux and unsure
which distribution the one proposing "disable firewall by default"
would be the last one on the list

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140415/85a9e381/attachment.sig>

More information about the devel mailing list