F21 System Wide Change: Workstation: Disable firewall

Reindl Harald h.reindl at thelounge.net
Tue Apr 15 17:00:43 UTC 2014

Am 15.04.2014 18:51, schrieb Andrew Lutomirski:
> On Tue, Apr 15, 2014 at 9:44 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> Am 15.04.2014 17:40, schrieb Andrew Lutomirski:
>>> On Tue, Apr 15, 2014 at 7:42 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>> How about having an API where things like DLNA can simply
>>> not run until you're connected to your home network?
>> you can prove that this will always happen the right way?
>> you can implement software *for sure* knowing the fact
>> what my home network is? if you can do that you get rich!
> Does the firewall really help?  

yes, because there is no single port reachable after the
installation and you can at least install security updates
released after the GA of the current Fedora setup until
you have a port open

> Why should you trust your home network anyway?  

because i get paied for secure comapny networks?

> Your already-known-to-be-malicious television can mess with
> ARP or DHCP, intercept an HTTP request, and CSRF the crap 
> running on your computer.

my television can do a CRSF?
my television can send me a mail and click on a link there?

don't talk about things which are *obviously* out of your business

and no my television can do nothing because my television is blocked
on any incoming port on my computer - guess by what: the firewall

> Note that there are two separate issues there.  Your home network is
> *not* secure, and your firewall, even in fully locked-down mode, isn't
> really protecting you

in other words: let us give up with security, disable any barrier
and security layer because we can't win that fight - interesting

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140415/3c1d76d5/attachment.sig>

More information about the devel mailing list