"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 15:59:53 UTC 2014


On 08.12.2014 at 16:49, Bastien Nocera wrote:
> Make sure to note that I'm convinced that the new firewall settings in
> Fedora Workstation 21 are more secure than what was available in Fedora 20's
> default settings.
>
> If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little
> exercise:
> Having just installed and updated my Fedora 20, I want to share a video in my
> home directory using UPnP/DLNA to my TV, using rygel for example. Document the
> steps necessary to achieve that

then solve the problem that we don't have a firewall like personal 
firewalls on windows decades ago which can react to events and *ask* the 
user instead of burying your head in the sand and opening all ports

those were times when windows did not have any firewall enabled

now windows has *and* can ask after MS realized that it is a terrible 
idea to come with an end-user OS without - frankly i feel somebody smiles 
in Redmond when previously secure operating systems give that up not 
learning from the past

such events could be "hmm the machine is listening on a previously unknown 
port" - it does not exist - so what - invent a solution or accept until 
it exists that there is not much you can do *but* do not turn up all 
shields because of an "oh i want to share a video and do not know anything 
about a computer"
__________________________________________________________

[root@srv-rhsoft:~]$ netstat -l | grep mediatomb
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      5222/mediatomb
udp        0      0 127.0.0.1:56066         0.0.0.0:*                           5222/mediatomb
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           5222/mediatomb

[root@srv-rhsoft:~]$ firewall_status | grep 1900
  3469 1154K ACCEPT     udp  --  br0    *       192.168.2.0/24       0.0.0.0/0            multiport dports 1900
     0     0 ACCEPT     udp  --  br0    *       10.0.0.0/24          0.0.0.0/0            multiport dports 1900

[root@srv-rhsoft:~]$ firewall_status | grep 8080
   190 11400 ACCEPT     tcp  --  br0    *       192.168.2.0/24       0.0.0.0/0            multiport dports 8080 ctstate NEW tcp flags:0x17/0x02
     0     0 ACCEPT     tcp  --  br0    *       10.0.0.0/24          0.0.0.0/0            multiport dports 8080 ctstate NEW tcp flags:0x17/0x02
     0     0 ACCEPT     tcp  --  br1    eth1    192.168.10.0/24      0.0.0.0/0            multiport dports 53,80,443,8080,8443 ctstate NEW
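
The event the message describes, a machine listening on a previously unknown port, can be approximated by comparing the listening sockets with an approved baseline. The Python below is an added example, not part of the original post or of any Fedora tool; the function names, the baseline set and the constructed sshd sample line are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    program: str

# Listener lines as shown in the post (wrapped lines joined), plus one
# constructed line (sshd) so the baseline has an entry to match.
SAMPLE = """\
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      5222/mediatomb
udp        0      0 127.0.0.1:56066         0.0.0.0:*                           5222/mediatomb
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           5222/mediatomb
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1001/sshd
"""

def parse_listeners(text):
    """Parse numeric netstat listener lines into Listener tuples."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue  # non-numeric output, cannot be compared reliably
        # Last column is PID/program; UDP rows carry no state column.
        program = fields[-1].partition("/")[2] or "?"
        found.append(Listener(fields[0], address, int(port), program))
    return found

def unknown_exposed(listeners, baseline):
    """Return listeners reachable from the network and absent from baseline.

    baseline: set of (proto, port) pairs the administrator has approved
    (an assumption of this example, not an existing firewalld concept).
    """
    events = []
    for item in listeners:
        if ipaddress.ip_address(item.address).is_loopback:
            continue  # bound to localhost only
        if (item.proto, item.port) not in baseline:
            events.append(item)
    return events

if __name__ == "__main__":
    for event in unknown_exposed(parse_listeners(SAMPLE), {("tcp", 22)}):
        print(f"new listener: {event.program} on {event.proto}/{event.port}")
```

A prompt built on such an event could then offer a source-restricted rule like the 192.168.2.0/24 entries above rather than opening the port to every network.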

