F21 System Wide Change: Workstation: Disable firewall

Kevin Kofler kevin.kofler at chello.at
Sun Apr 20 16:52:38 UTC 2014


Jaroslav Reznik wrote, on behalf of Matthias Clasen:
> The firewalld service will not be enabled by default in the workstation
> product.

WTF? So we're going to disable security by default? We are forcing such a 
PITA as SELinux that breaks applications on all users by default, yet we 
will leave systems wide open for remote exploitation? That just does not make 
any sense. The most effective way to prevent intrusions is to not let 
intruders into the system at all.

> == Detailed Description ==
> The current level of integration into the desktop and applications does
> not justify enabling the firewalld service by default. Additionally, the
> set of zones that we currently expose is excessive and not user-friendly.
> Therefore, we will disable the firewall service while we are working on a
> more user-friendly way to deal with network-related privacy issues.

If firewall-config from firewalld is too complicated, drop back to the good 
old static iptables wrapper service and system-config-firewall. That was 
simple and straightforward and just worked.

> It will of course still be possible to enable the firewall manually.

Too late if the system already got remotely rooted by the time the admin 
gets around to enabling the firewall.

        Kevin Kofler


