"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 11:26:29 UTC 2014

Am 08.12.2014 um 12:22 schrieb Bastien Nocera:
>> Am 08.12.2014 um 11:45 schrieb Bastien Nocera:
>>>> Well, I'll understand these aspects.
>>>> But when I think about Linux, especially about Fedora, I'm thinking
>>>> about the freedom to make decisions. This means to me, to customize
>>>> and take advantage of my computer and in this case my operating system.
>>> You're free to select another firewall zone
>> so why do you not make secure defaults and say "You're free to select
>> another (more unsecure) firewall zone"?
> 1) It is secure enough and Eclipse listening to a port by default is a bug
> (and I have the firewall specialists at Red Hat/Fedora to back me up)
> 2) Good defaults

again: the *purpose* of a Firewall is to protect from application bugs 
or unintentional user faults - frankly the early KDE4 setups in 2008 had 
a ton of listenining high ports, that where indeed a bug and 
hence a firewall to protect the user against such bugs

it is not a bug that "ZendStudio" is listening on a high UDP port for 
license verification (only one instance in the same network via broadcasts)

it is intentional by the software

but it is not intentional by the user have that open on the WAN or even 
by default in the LAN, it's intentional by the user to be protected

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/f3e55eba/attachment.sig>

More information about the devel mailing list