F21 System Wide Change: Workstation: Disable firewall

Christian Schaller cschalle at redhat.com
Tue Apr 22 11:58:15 UTC 2014





----- Original Message -----
> From: "Stephen Gallagher" <sgallagh at redhat.com>
> To: devel at lists.fedoraproject.org
> Sent: Tuesday, April 22, 2014 1:40:05 PM
> Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 04/22/2014 05:43 AM, Christian Schaller wrote:
> > 
> > 
> > 
> > 
> > ----- Original Message -----
> >> From: "Thomas Woerner" <twoerner at redhat.com> To:
> >> devel at lists.fedoraproject.org Sent: Tuesday, April 22, 2014
> >> 11:23:46 AM Subject: Re: F21 System Wide Change: Workstation:
> >> Disable firewall
> >> 
> >> On 04/21/2014 12:22 AM, drago01 wrote:
> >>> On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald
> >>> <h.reindl at thelounge.net> wrote:
> >>> 
> >>>> * there are network services enabled by default
> >>> 
> >>> Again that's a bug and a viloation of the guidelines. Which
> >>> services are you talking about? Please file bugs.
> >>> 
> >>>> * avahi is one of them
> >>> 
> >>> You keep listing this as an example but avahi is not only
> >>> installed and enabled by default but also allowed configured to
> >>> work in the default firewall setup since F18 [1] ...
> >>> 
> >>> So the current default firewall won't protect you against avahi
> >>> flaws.
> >>> 
> >> This has been added only because of a FESCo decision:
> >> 
> >> https://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop
> >> 
> > 
> > Thank you for digging that ticket up Thomas. I think that ticket
> > mentions something maybe a bit overlooked in this thread so far,
> > "Real world security". I recommend everyone following this thread
> > to watch this video of a talk by Russ Doty from Red Hat at this
> > years DevConf in Brno.  His talk is about real world security,
> > especially in the context of enterprise computing, but the issues
> > he articulate forms the underlaying challenges of this thread too.
> > 
> > I think if everyone here see this talk we could hopefully move this
> > thread into a more constructive format.
> 
> 
> Since you missed the link: https://www.youtube.com/watch?v=jYGgVUYjXQ8

oops, thanks for that, I had the link ready to be pasted, but forgot to actually
paste it :)

Christian


More information about the devel mailing list