F21 System Wide Change: Workstation: Disable firewall

Christian Schaller cschalle at redhat.com
Tue Apr 22 09:43:35 UTC 2014





----- Original Message -----
> From: "Thomas Woerner" <twoerner at redhat.com>
> To: devel at lists.fedoraproject.org
> Sent: Tuesday, April 22, 2014 11:23:46 AM
> Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> 
> On 04/21/2014 12:22 AM, drago01 wrote:
> > On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald <h.reindl at thelounge.net>
> > wrote:
> >
> >> * there are network services enabled by default
> >
> > Again that's a bug and a viloation of the guidelines. Which services
> > are you talking about?
> > Please file bugs.
> >
> >> * avahi is one of them
> >
> > You keep listing this as an example but avahi is not only installed
> > and enabled by default
> > but also allowed configured to work in the default firewall setup
> > since F18 [1] ...
> >
> > So the current default firewall won't protect you against avahi flaws.
> >
> This has been added only because of a FESCo decision:
> 
> https://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop
> 

Thank you for digging that ticket up Thomas. I think that ticket mentions something maybe 
a bit overlooked in this thread so far, "Real world security". I recommend everyone 
following this thread to watch this video of a talk by Russ Doty from Red Hat at this 
years DevConf in Brno.  His talk is about real world security, especially in the context of 
enterprise computing, but the issues he articulate forms the underlaying challenges of this 
thread too.

I think if everyone here see this talk we could hopefully move this thread into a more 
constructive format.

Christian


More information about the devel mailing list