F21 System Wide Change: Workstation: Disable firewall

Reindl Harald h.reindl at thelounge.net
Tue Apr 15 16:55:27 UTC 2014

Am 15.04.2014 18:38, schrieb Mateusz Marzantowicz:
> On 15.04.2014 11:40, Reindl Harald wrote:
>> it is not a point of *what i can do and do*
>> it is a point what the ordinary 08/15 user does which assumes
>> to have a by default secure system after install
> Fedora is not for ordinary users. Fedora is for geeks and 
> developers that like to experiment with a new software

ok, now i need hardly to censor myself

may i ask you to be quiet until you read and understand the
proposal linked in the start-message of that thread as well
as the target audience for "Fedora Workstation"?

the whole point of that thread and the Workstation prodcut
is to satisfy the ordinary user and let nor firewall stand
in his way

if it would be only for geeks or developers they would
simply open the needed ports and knwoing what they are
doing - they don't need firewalld

> Ordinary users use Windows and iOS (sometimes RHEL)

which is better for them if we start to ship
Fedora with

> Averedge Fedora user should be able to enable/disable firewall

*then this thread would not exist and it would still be enabled*

> and justify if he needs such thing. So this decision about disabling 
> fw be default is complitelly not important from security point of 
> view. You can alway drop some iptables rules to your rc.local script

STOP THAT: if you setup a fresh install and your machine is in
a untrustable network or directly connected to the WAN you have
no chance to enable the firewall from the moment on one of the
by default started services like Avahi has a critical bug
nobody oculd have imagined before and you are fucked due the
first boot as it happened to WinXP in the past

do we really want to enter that road to hell?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140415/12e6b32f/attachment.sig>

More information about the devel mailing list