F21 System Wide Change: Workstation: Disable firewall
kevin.kofler at chello.at
Sun Apr 20 16:52:38 UTC 2014
Jaroslav Reznik wrote, on behalf of Matthias Clasen:
> The firewalld service will not be enabled by default in the workstation
WTF? So we're going to disable security by default? We are forcing such a
PITA as SELinux that breaks applications on all users by default, yet we
will let systems wide open for remote exploitation? That just does not make
any sense. The most effective way to prevent intrusions is to not let
intruders into the system at all.
> == Detailed Description ==
> The current level of integration into the desktop and applications does
> not justify enabling the firewalld service by default. Additionally, the
> set of zones that we currently expose is excessive and not user-friendly.
> Therefore, we will disable the firewall service while we are working on a
> more user- friendly way to deal with network-related privacy issues.
If firewall-config from firewalld is too complicated, drop back to the good
old static iptables wrapper service and system-config-firewall. That was
simple and straightforward and just worked.
> It will of course still be possible to enable the firewall manually.
Too late if the system already got remotely rooted by the time the admin
gets around to enabling the firewall.
More information about the devel