"Workstation" Product defaults to wide-open firewall
M. Edward (Ed) Borasky
znmeb at znmeb.net
Tue Dec 9 01:32:16 UTC 2014
+1 - I've added 'firewall-config' to my remix and changed the default zone
to 'public'. I'm not sure what the impact would be of closing off
dhcpv6-client and mdns is so I left those open. I left ssh open because the
service is disabled by default.
On Mon, Dec 8, 2014 at 4:35 PM, Kevin Kofler <kevin.kofler at chello.at> wrote:
> Alec Leamas wrote:
> > Tracking this issue back we find  where the workstation group tried
> > to just disable the firewall. This started some threads. FESCO rejected
> > the change request.
> > For me, this issue then disappeared from my radar. It seems that after
> > FESCO turned down the wide-open system option the discussion was in the
> > workstation list, where they ended up opening all user ports (?) and
> > implemented this.
> To me, it is obvious that the Workstation WG is in deliberate contempt of
> FESCo's decision. That alone ought to lead to sanctions from FESCo. In
> addition, FESCo's decision must be implemented properly by a security
> ASAP. A wide-open firewall is a security issue. We CANNOT leave it unfixed.
> (For a precedent, where a deliberate security hole was forced to be closed
> in an update, see the Fedora 12 PackageKit policy fiasco:
> Kevin Kofler
> devel mailing list
> devel at lists.fedoraproject.org
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for Digital
Journalists https://osjourno.com <http://j.mp/CompJournoStickOverview>
Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel