"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Mon Dec 8 11:51:00 UTC 2014



----- Original Message -----
> 
> 
> On 08.12.2014 at 12:34, Bastien Nocera wrote:
> >>>> On 08.12.2014 at 11:45, Bastien Nocera wrote:
> >>>>>> Well, I'll understand these aspects.
> >>>>>>
> >>>>>> But when I think about Linux, especially about Fedora, I'm thinking
> >>>>>> about the freedom to make decisions. This means to me, to customize
> >>>>>> and take advantage of my computer and in this case my operating
> >>>>>> system.
> >>>>>
> >>>>> You're free to select another firewall zone
> >>>>
> >>>> so why do you not make secure defaults and say "You're free to select
> >>>> another (more unsecure) firewall zone"?
> >>>
> >>> 1) It is secure enough and Eclipse listening to a port by default is a
> >>> bug (and I have the firewall specialists at Red Hat/Fedora to back me up)
> >>
> >> I have Eclipse open and it's not listening to a port AFAIKT. I wonder what
> >> obscure plugin is installed in Eclipse to make this happen.
> >
> > Thanks for following up Aleksandar. Hopefully Reindl will let us know about
> > that so the bug can be fixed.
> 
> * first: it is not a Fedora package
> * second: it does not matter
> 
> fixing applications to work around harmful firewall settings is the
> wrong direction - the *purpose* of a firewall is to *protect* against
> such things and i really don't get why this needs to be explained
> multiple times

Security is about compromises. The net result of the old firewall settings
was people disabling the firewall. The new firewall settings were vouched for
by the firewalld folks, and provide good defaults for most users.

> that's the same as drive a car on the street, facing another driver
> ignoring his red light and instead try to stop your car just say "he is
> wrong and i am allowed to drive"
> 
> a sensible reaction would be stop, call the others names and live
> the ignorant reaction would be get killed but be right at it

I can't parse that, sorry. Looks like a strawman.

