"Workstation" Product defaults to wide-open firewall
Michael Spahn
michael at spahn.me
Mon Dec 8 09:34:59 UTC 2014
We don't need open or preconfigured high ports.
What we really need is a user notification with options to allow or
deny like we do with SELinux.
That would be an appropriate solution for a workstation.
On 08.12.2014 10:29, Reindl Harald wrote:
>
> Am 08.12.2014 um 09:38 schrieb Paul Howarth:
>> FWIW, this is mentioned in the release notes:
>>
>> http://docs.fedoraproject.org/en-US/Fedora/21/html/Release_Notes/sect-Products.html#Products-Workstation
>>
>> 2.3.3. Developer oriented firewall
>>
>> Developers often run test servers that run on high numbered
>> ports, and interconnectivity with many modern consumer devices
>> also requires these ports. The firewall in Fedora Workstation,
>> firewalld, is configured to allow these things.
>>
>> Ports numbered under 1024, with the exceptions of sshd and
>> clients for samba and DHCPv6, are blocked to prevent access to
>> system services. Ports above 1024, used for user-initiated
>> applications, are open by default.
>
> WTF - "developer oriented firewall" on workstation?
>
> i doubt it is smart that by default my running Eclipse accepts
> incoming connections from the WAN (that i am paid for IT security
> prevents that but only here)
>
> tcp 0 0 0.0.0.0:20080 0.0.0.0:* LISTEN 8669/java
> tcp 0 0 0.0.0.0:10137 0.0.0.0:* LISTEN 8669/java
> tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 8669/java
> udp 0 0 0.0.0.0:4321 0.0.0.0:* 8669/java
>
>
>
>
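Added example (not part of the original message and not Fedora or firewalld code): a Python check that applies the rule as the quoted release notes word it, ports above 1024 open, to netstat-style listener lines and reports which sockets that default would leave reachable. The first four sample lines mirror the sockets quoted above; the last two lines and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of the netstat output quoted above,
# plus two constructed lines (loopback bind, low port) to show the other cases.
SAMPLE = """\
tcp 0 0 0.0.0.0:20080 0.0.0.0:* LISTEN 8669/java
tcp 0 0 0.0.0.0:10137 0.0.0.0:* LISTEN 8669/java
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 8669/java
udp 0 0 0.0.0.0:4321 0.0.0.0:* 8669/java
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1201/postgres
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 990/cupsd
"""

def parse_listeners(text):
    """Yield (proto, address, port, program) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue
        # rpartition keeps IPv6 local addresses such as ":::8080" intact.
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        yield fields[0], host.strip("[]"), int(port), fields[-1]

def reachable_under_default(address, port):
    """Assumption: the rule as worded in the release notes, ports above 1024 open.

    A socket bound to loopback is never reachable from the network, whatever
    the firewall allows; the low-port exceptions (sshd etc.) are not modelled.
    """
    if address in ("*", "::", "0.0.0.0"):
        loopback = False
    else:
        loopback = ipaddress.ip_address(address).is_loopback
    return (not loopback) and port > 1024

def exposed(text):
    """Return sorted (proto, port, program) tuples the default would let in."""
    return sorted((proto, port, prog)
                  for proto, addr, port, prog in parse_listeners(text)
                  if reachable_under_default(addr, port))

if __name__ == "__main__":
    for proto, port, prog in exposed(SAMPLE):
        print(f"{proto:4} {port:>5}  {prog}")
```
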