"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Tue Dec 9 09:52:35 UTC 2014


On 09.12.2014 at 10:08, Nikos Mavrogiannopoulos wrote:
> On Tue, 2014-12-09 at 17:29 +1030, William B wrote:
>>>> I just happened to look at the firewalld default settings, and I
>>>> was not amused when I noticed this:
>>>> http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml
>>>>>   <port protocol="udp" port="1025-65535"/>
>>>>>   <port protocol="tcp" port="1025-65535"/>
>>>> This "firewall" is a joke! ALL higher ports are wide open!
>>
>> I want to point out that for many home users, going into the future
>> this is worse than it seems. Many of us are just thinking about the
>> local network. Firewalld implements these rules not just for ipv4, but
>> ipv6 too. If you have a low quality home router, that just lets ipv6
>> traffic in, you aren't just exposed to the whole network, but the whole
>> internet. While ipv6 relies somewhat on well configured router
>> firewalls, we cannot guarantee this.
>
> That is compromise. Of course there are untrustworthy LANs. However we
> shouldn't cripple functionality for users on their trusted lan because
> there may be few users in a LAN they don't trust.

you heard about notebooks, WLAN and public access points?

> If you are in such a
> lan, then I'd expect to switch your firewall's zone. If the installer
> could do that automatically, it would be even better

you have nothing to expect from an ordinary user, otherwise the whole 
flaw would not exist for handholding reasons

the user has to expect a secure-by-default configuration, and if 
something can be expected at all, then that people knowing their LAN 
switch their firewall zone to an unsecure preset and *not* the other 
direction
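As an added example, not code from the thread or from the firewalld project: a small Python audit that parses the zone XML format quoted above (a `<zone>` element containing `<port protocol="..." port="..."/>` entries, where the port attribute is a single number or a `low-high` range) and reports how much of the 1-65535 space each protocol exposes. The embedded zone text and the 5% threshold are constructed for illustration; `<service>` entries are listed but not expanded, since they refer to separate service files.

```python
"""Audit a firewalld zone definition for wide-open port ranges.

Added example (not from the thread or from firewalld itself). It reads the
zone XML format quoted in the discussion and counts, per protocol, how many
ports the zone opens explicitly through <port> elements.
"""
import xml.etree.ElementTree as ET

MAX_PORT = 65535

# Constructed sample mirroring the two <port> lines quoted in the thread,
# wrapped in a minimal zone document so the example parses stand-alone.
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>FedoraWorkstation</short>
  <description>Constructed sample for the audit example.</description>
  <service name="ssh"/>
  <port protocol="udp" port="1025-65535"/>
  <port protocol="tcp" port="1025-65535"/>
</zone>
"""


def parse_port_range(spec):
    """Return (low, high) for a firewalld port attribute ("22" or "1025-65535")."""
    if "-" in spec:
        low, high = spec.split("-", 1)
    else:
        low = high = spec
    low, high = int(low), int(high)
    if not (1 <= low <= high <= MAX_PORT):
        raise ValueError(f"invalid port specification: {spec!r}")
    return low, high


def open_ports_by_protocol(zone_xml):
    """Map each protocol to the set of port numbers the zone opens explicitly.

    Only <port> elements are counted; <service> entries reference named
    service definitions kept in separate files and are not expanded here.
    """
    root = ET.fromstring(zone_xml)
    opened = {}
    for port in root.iter("port"):
        proto = port.get("protocol")
        low, high = parse_port_range(port.get("port"))
        opened.setdefault(proto, set()).update(range(low, high + 1))
    return opened


def audit_zone(zone_xml, max_fraction=0.05):
    """Return findings for protocols exposing more than max_fraction of all ports.

    Each finding is (protocol, open_port_count, fraction). The default
    threshold is a constructed assumption: a host firewall that opens more
    than a few percent of the port space is not really filtering unsolicited
    inbound traffic, which is the point raised in the thread.
    """
    findings = []
    for proto, ports in sorted(open_ports_by_protocol(zone_xml).items()):
        fraction = len(ports) / MAX_PORT
        if fraction > max_fraction:
            findings.append((proto, len(ports), round(fraction, 3)))
    return findings


if __name__ == "__main__":
    for proto, count, fraction in audit_zone(SAMPLE_ZONE_XML):
        print(f"{proto}: {count} ports open ({fraction:.1%} of the port space)")
```

On a live system the same function can be pointed at the zone files under `/etc/firewalld/zones/` or `/usr/lib/firewalld/zones/` by reading the file contents into `audit_zone`; a zone that opens only a handful of named services produces no findings, while the quoted 1025-65535 ranges are reported for both protocols.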
