"Workstation" Product defaults to wide-open firewall

M. Edward (Ed) Borasky znmeb at znmeb.net
Tue Dec 9 01:32:16 UTC 2014


+1 - I've added 'firewall-config' to my remix and changed the default zone
to 'public'. I'm not sure what the impact would be of closing off
dhcpv6-client and mdns is so I left those open. I left ssh open because the
service is disabled by default.

On Mon, Dec 8, 2014 at 4:35 PM, Kevin Kofler <kevin.kofler at chello.at> wrote:

> Alec Leamas wrote:
> > Tracking this issue back we find [1] where the workstation group  tried
> > to just disable the firewall. This started some threads. FESCO rejected
> > the change request.
> >
> > For me, this issue then disappeared from my radar. It seems that after
> > FESCO turned down the wide-open system option the discussion was in the
> > workstation list, where they ended up opening all user ports (?) and
> > implemented this.
>
> To me, it is obvious that the Workstation WG is in deliberate contempt of
> FESCo's decision. That alone ought to lead to sanctions from FESCo. In
> addition, FESCo's decision must be implemented properly by a security
> update
> ASAP. A wide-open firewall is a security issue. We CANNOT leave it unfixed.
> (For a precedent, where a deliberate security hole was forced to be closed
> in an update, see the Fedora 12 PackageKit policy fiasco:
>
> https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00926.html
> )
>
>         Kevin Kofler
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>



-- 
Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for Digital
Journalists https://osjourno.com <http://j.mp/CompJournoStickOverview>

Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/f6ec9f3a/attachment.html>


More information about the devel mailing list