"Workstation" Product defaults to wide-open firewall

Michael Spahn michael at spahn.me
Mon Dec 8 09:34:59 UTC 2014



We don't need open or preconfigured high ports.

What we really need is a user notification with options to allow or
deny like we do with SELinux.

That would be an appropriate solution for a workstation.



On 08.12.2014 10:29, Reindl Harald wrote:
> 
> On 08.12.2014 at 09:38, Paul Howarth wrote:
>> FWIW, this is mentioned in the release notes:
>> 
>> http://docs.fedoraproject.org/en-US/Fedora/21/html/Release_Notes/sect-Products.html#Products-Workstation
>>
>> 2.3.3. Developer oriented firewall
>> 
>> Developers often run test servers that run on high numbered
>> ports, and interconnectivity with many modern consumer devices
>> also requires these ports. The firewall in Fedora Workstation,
>> firewalld, is configured to allow these things.
>> 
>> Ports numbered under 1024, with the exceptions of sshd and
>> clients for samba and DHCPv6, are blocked to prevent access to 
>> system services. Ports above 1024, used for user-initiated 
>> applications, are open by default.
> 
> WTF - "developer oriented firewall" on workstation?
> 
> I doubt it is smart that by default my running Eclipse accepts
> incoming connections from the WAN (that I am paid for IT security
> prevents that but only here)
> 
> tcp        0      0 0.0.0.0:20080           0.0.0.0:* LISTEN 8669/java
> tcp        0      0 0.0.0.0:10137           0.0.0.0:* LISTEN 8669/java
> tcp        0      0 0.0.0.0:9000            0.0.0.0:* LISTEN 8669/java
> udp        0      0 0.0.0.0:4321            0.0.0.0:*        8669/java
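
An added example, not part of the original thread: a small audit that reads `netstat -tulpn`-style output and lists the listeners that the default quoted from the release notes (ports above 1024 open) would leave reachable from other hosts. The function names and the sample rows are assumptions made for illustration; the java ports are taken from the output quoted above.

```python
# Constructed sample in `netstat -tulpn` layout. The java rows reuse ports
# quoted in the thread; the postgres, cupsd and ESTABLISHED rows are invented.
SAMPLE = """\
tcp   0  0 0.0.0.0:20080    0.0.0.0:*     LISTEN       8669/java
tcp   0  0 0.0.0.0:9000     0.0.0.0:*     LISTEN       8669/java
tcp   0  0 127.0.0.1:5432   0.0.0.0:*     LISTEN       1201/postgres
tcp   0  0 0.0.0.0:631      0.0.0.0:*     LISTEN       990/cupsd
tcp6  0  0 :::8080          :::*          LISTEN       8669/java
udp   0  0 0.0.0.0:4321     0.0.0.0:*                  8669/java
tcp   0  0 10.0.0.5:51514   10.0.0.9:443  ESTABLISHED  8669/java
"""

def classify(line):
    """Return (proto, port, owner, verdict) for a listening socket, else None."""
    f = line.split()
    if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
        return None  # header or unrelated line
    if f[0].startswith("tcp") and "LISTEN" not in f:
        return None  # TCP row that is a connection, not a listener
    host, _, port = f[3].rpartition(":")  # rpartition copes with ":::8080"
    if not port.isdigit():
        return None
    port = int(port)
    owner = f[-1] if "/" in f[-1] else "-"  # PID/program column, if shown
    if host.startswith("127.") or host == "::1":
        verdict = "loopback"   # not reachable from another host
    elif port > 1024:
        verdict = "exposed"    # release notes: ports above 1024 open by default
    else:
        verdict = "low-port"   # blocked unless one of the excepted services
    return f[0], port, owner, verdict

def exposed(netstat_text):
    """Sorted (proto, port, owner) for every listener the default would admit."""
    rows = filter(None, map(classify, netstat_text.splitlines()))
    return sorted((p, n, o) for p, n, o, v in rows if v == "exposed")

if __name__ == "__main__":
    for proto, port, owner in exposed(SAMPLE):
        print(f"{proto:5} {port:>5}  {owner}")
```

Feeding it the real output of `netstat -tulpn` (run as root so the PID/program column is filled in) gives the list of services to rebind to loopback or to cover with a stricter firewalld zone.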
