F21 System Wide Change: Workstation: Disable firewall

Thomas Woerner twoerner at redhat.com
Tue Apr 15 15:29:44 UTC 2014


On 04/15/2014 04:42 PM, Reindl Harald wrote:
>
> On 15.04.2014 16:28, Christian Schaller wrote:
>> ----- Original Message -----
>>> From: "Reindl Harald" <h.reindl at thelounge.net>
>>> To: devel at lists.fedoraproject.org
>>> Sent: Tuesday, April 15, 2014 11:40:20 AM
>>> Subject: Re: F21 System Wide Change: Workstation: Disable firewall
>>>
>>>
>>> On 15.04.2014 11:32, drago01 wrote:
>>>> On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl at thelounge.net>
>>>> wrote:
>>
>>> allowing any random application to open an unprivileged
>>> port which is reachable from outside is dangerous
>>>
>> We already allow that and have for a long while. Any application bothering to support
>> the firewalld dbus interface can open any port they wish to.
>
> that is bad enough *but now* we disable any firewall at all?
> seriously?
>
Only authenticated applications can change firewall settings, for
example open ports, ...

>> There was a long thread about this on the desktop mailing list, and I was
>> not in the 'disable the firewall' camp in that discussion, but nobody in
>> that thread or here has articulated how exactly the firewall enhances security
>> in the situation where we at the same time need to allow each user to have any
>> port they desire opened for traffic to make sure things like DLNA or Chromecast
>> work.
>
> that is pretty easy - defaults have to be closed anything and the user
> has to make a choice for, otherwise if there are critical security
> updates after a release you have *exactly* the same as WinXP SP2
>
> try it out on a publicly reachable IP, you will not survive the time
> you need to apply the security updates because you are infected
> long before
>
> honestly if these days i would consider switch to linux and unsure
> which distribution the one proposing "disable firewall by default"
> would be the last one on the list
>
>
>

