"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 16:22:49 UTC 2014

Am 08.12.2014 um 17:17 schrieb Bastien Nocera:
>> Am 08.12.2014 um 17:10 schrieb Bastien Nocera:
>>>>> Security is about compromises. The net result of the old firewall
>>>>> settings
>>>>> was people disabling the firewall.
>>>> And the net result of the new firewall settings is you disabling the
>>>> firewall for them,
>>> It's not disabled
>> it is practically
>> the only port unprivileged code can listen on is > 1024, you opened that
>>>> The new firewall settings essentially amount to disabling the firewall.
>>> It doesn't
>> it does
>> the only port unprivileged code can listen on is > 1024, you opened that
> And you're not interested in protecting any of the services running as root?

noah stop that polemic

i know /etc/services and hence i am interested in protecting *any port*

period - end of discussion - we will never agree and thankfully i gave
up maintaining any enduser machine years ago because i had enough of the 
out-of-the-box security problems on windows systems and god bless that i 
never started to recommend anybody use whatever OS

the machines i have to bother about are secured

*but* be sure that discussion is bookmarked if we read soon about damage 
done by careless defaults to users which thought they can trust their 
operating system in a default setup

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/f71da353/attachment.sig>

More information about the devel mailing list