"Workstation" Product defaults to wide-open firewall
Reindl Harald
h.reindl at thelounge.net
Mon Dec 8 15:59:53 UTC 2014
On 08.12.2014 at 16:49, Bastien Nocera wrote:
> Make sure to note that I'm convinced that the new firewall settings in
> Fedora Workstation 21 are more secure than what was available in Fedora 20's
> default settings.
>
> If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little
> exercise:
> Having just installed and updated my Fedora 20, I want to share a video in my
> home directory using UPnP/DLNA to my TV, using rygel for example. Document the
> steps necessary to achieve that
then solve the problem that we don't have a firewall like personal
firewalls on Windows decades ago which can react on events and *ask* the
user instead of burying your head in the sand and opening all ports

there were times where Windows did not have any firewall enabled

now Windows has *and* can ask after MS realized that it is a terrible
idea to come with an end-user OS without - frankly I feel somebody smiling
in Redmond when previously secure operating systems give that up, not
learning from the past

such events could be "hmm the machine is listening on a previously unknown
port" - it does not exist - so what - invent a solution or accept until
it exists that there is not much you can do *but* do not turn up all
shields because of an "oh I want to share a video and do not know anything
about a computer"
__________________________________________________________
[root at srv-rhsoft:~]$ netstat -l | grep mediatomb
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5222/mediatomb
udp 0 0 127.0.0.1:56066 0.0.0.0:* 5222/mediatomb
udp 0 0 0.0.0.0:1900 0.0.0.0:* 5222/mediatomb
[root at srv-rhsoft:~]$ firewall_status | grep 1900
3469 1154K ACCEPT udp -- br0 * 192.168.2.0/24 0.0.0.0/0 multiport dports 1900
0 0 ACCEPT udp -- br0 * 10.0.0.0/24 0.0.0.0/0 multiport dports 1900
[root at srv-rhsoft:~]$ firewall_status | grep 8080
190 11400 ACCEPT tcp -- br0 * 192.168.2.0/24 0.0.0.0/0 multiport dports 8080 ctstate NEW tcp flags:0x17/0x02
0 0 ACCEPT tcp -- br0 * 10.0.0.0/24 0.0.0.0/0 multiport dports 8080 ctstate NEW tcp flags:0x17/0x02
0 0 ACCEPT tcp -- br1 eth1 192.168.10.0/24 0.0.0.0/0 multiport dports 53,80,443,8080,8443 ctstate NEW
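The event the message describes, "the machine is listening on a previously unknown port", can be derived from a listing like the one above. The following is an added example, not code from the post or from Fedora: the sample listing, the approved baseline and all function names are constructed for illustration, and it covers only the detection step, not the prompt to the user.

```python
import ipaddress

# Constructed sample in netstat listing layout, modelled on the output in the post;
# the last line is a hypothetical service added to trigger an event.
SAMPLE = """\
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5222/mediatomb
udp 0 0 127.0.0.1:56066 0.0.0.0:* 5222/mediatomb
udp 0 0 0.0.0.0:1900 0.0.0.0:* 5222/mediatomb
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN 811/examplesvc
"""

# Constructed baseline: (proto, port, program) tuples the user already approved.
BASELINE = {("tcp", 8080, "mediatomb"), ("udp", 1900, "mediatomb")}

def parse_listeners(text):
    """Return a set of (proto, bind_address, port, program) per socket line."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        # rpartition keeps IPv6 binds intact, e.g. ":::22" -> ("::", "22")
        addr, _, port = f[3].rpartition(":")
        if not port.isdigit():
            continue
        # PID/Program column; absent ("-") when run without privileges
        pid_prog = next((x for x in f[5:] if "/" in x and x.split("/")[0].isdigit()), None)
        prog = pid_prog.split("/", 1)[1] if pid_prog else "-"
        found.add((f[0], addr, int(port), prog))
    return found

def is_exposed(addr):
    """True unless the socket is bound to a loopback address."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unparsable bind address: treat as reachable

def new_exposed_listeners(text, baseline):
    """Network-reachable listeners whose (proto, port, program) is not approved."""
    return [(proto, addr, port, prog)
            for proto, addr, port, prog in sorted(parse_listeners(text))
            if is_exposed(addr) and (proto, port, prog) not in baseline]

if __name__ == "__main__":
    for proto, addr, port, prog in new_exposed_listeners(SAMPLE, BASELINE):
        print(f"new listener: {prog} on {proto} {addr}:{port} (not yet approved)")
```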