F21 System Wide Change: Workstation: Disable firewall

drago01 drago01 at gmail.com
Sun Apr 20 22:22:30 UTC 2014

On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald <h.reindl at thelounge.net> wrote:

> * there are network services enabled by default

Again, that's a bug and a violation of the guidelines. Which services
are you talking about?
Please file bugs.

> * avahi is one of them

You keep listing this as an example, but avahi is not only installed
and enabled by default but also allowed/configured to work in the
default firewall setup since F18 [1] ...

So the current default firewall won't protect you against avahi flaws.

> * you nor i can say for sure avahi never ever get a critical security update

See above.

> * you nor i can be sure that there is not another network-service is running
> * even if it is not running by intention it may be running by mistake as default
> * so after you installed a new system avahi is running and the firewall down

See above.

> * how do you genius install the updates without a network
> and to *not* have to consider what is safe and what you have to stop after
> a fresh install before you can plug your machine to the network for install
> security relevant updates a firewall has to be enabled by default

Again you assume

1) that we enable random services by default and the firewall
is the only thing that protects freshly installed systems
2) that giving the user options that do not work and forcing him to learn
about computer networks to do basic tasks is how things should work

Both are false.

Sure, disabling the firewall is not the only way to solve 2), but the
"silently make things not work" (i.e. the status quo) or "ask a user
questions that he does not understand" are no solutions.

There have been other suggestions in this thread that are helpful, like
the network zones thing (but we still have too many zones) or that
enabling services should make them work, i.e. just enable the firewall
rules.

> honestly it's good that you are out of this discussion because you seem
> to not have a clue about security nor understand the implications of
> "who knows what he is doing and why the one who don't need sane defaults"

No, the reason is simply that talking to you is very annoying .. you
resort to baseless attacks (like this one) and strawmen.

1: http://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop
