F21 System Wide Change: Workstation: Disable firewall

Thomas Woerner twoerner at redhat.com
Tue Apr 22 09:23:46 UTC 2014


On 04/21/2014 12:22 AM, drago01 wrote:
> On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>> * there are network services enabled by default
>
> Again that's a bug and a violation of the guidelines. Which services
> are you talking about?
> Please file bugs.
>
>> * avahi is one of them
>
> You keep listing this as an example but avahi is not only installed
> and enabled by default
> but also allowed configured to work in the default firewall setup
> since F18 [1] ...
>
> So the current default firewall won't protect you against avahi flaws.
>
This has been added only because of a FESCo decision:

https://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop

>> * you nor i can say for sure avahi never ever get a critical security update
>
> See above.
>
>> * you nor i can be sure that there is not another network-service is running
>> * even if it is not running by intention it may be running by mistake as default
>> * so after you installed a new system avahi is running and the firewall down
>
> See above.
>
>> * how do you genius install the updates without a network
>> and to *not* have to consider what is safe and what you have to stop after
>> a fresh install before you can plug your machine to the network for install
>> security relevant updates a firewall has to be enabled by default
>
> Again you
>
> 1) assume that we enable random services by default and the firewall
> is the only thing that protects freshly installed systems
> 2) that given the user options that do not work and force him to learn
> about computer networks to do basic tasks is how things should work
>
> both are false.
>
> Sure disabling the firewall is not the only way to solve 2) but the
> "silently make things not work" i.e the status quo or "ask a user
> questions that he does not understand"
> are no solutions.
>
> There have been other suggestions in this thread that are helpful like
> the network zones thing (but we still have too many zones) or enabling
> services should make them work i.e
> just enable the firewall rules.
>
>> honestly it's good that you are out of this discussion because you seem
>> to not have a clue about security nor understand the implications of
>> "who knows what he is doing and why the one who don't need sane defaults"
>
> No the reason is simply that talking to you is very annoying .. you
> resort to baseless attacks (like this one) and strawmen.
>
> 1: http://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop
>

