"Workstation" Product defaults to wide-open firewall

Christian Schaller cschalle at redhat.com
Tue Dec 9 15:40:46 UTC 2014

----- Original Message -----
> From: "Reindl Harald" <h.reindl at thelounge.net>
> To: devel at lists.fedoraproject.org
> Sent: Tuesday, December 9, 2014 10:04:46 AM
> Subject: Re: "Workstation" Product defaults to wide-open firewall
> Am 09.12.2014 um 15:57 schrieb Christian Schaller:
> > Well I think it is hard for anyone to guess what would be reasonable
> > defaults for
> > you specifically, any default is by its nature just targeting an generic
> > person, which might or might not be a lot like you.
> >
> > But if you are aware and understand the finer details here then it isn't
> > that
> > big a job to change it, you should be able to go into the network manager,
> > choose your
> > connection, choose 'identity' (should probably be moved to be under
> > security?) and change
> > the zone for your network to whatever suits you better.
> and why can't you do the same if you want it open instead start
> wide-open and expect from people to secure their system

I think the part of the sentence you probably missed was "if you are aware 
and understand the finer details here", because for anyone who doesn't
understand the finer details here you are suggesting we default the system to 

> how long do you think does it take until someone is so audacious and
> installs mysql and apache with the intention just to develop some
> webscripts on his workstation *beause* he want only play around with it
> not imaging that his mysqld is open to the world and not just localhost?
> the same applies for *any* other service in /etc/services with a port
> number above 1024 - ship unsecure defaults and expect users to secure
> their machines is pervert - that won't happen, sooner or later damage
> will happen and nobody feels responsible

More information about the devel mailing list