"Workstation" Product defaults to wide-open firewall

Kevin Kofler kevin.kofler at chello.at
Wed Dec 10 13:28:15 UTC 2014

Bastien Nocera wrote:
> Even if we chose static ports for those (or rather port ranges, because if
> you have multiple users running, you'd need multiple ports), leaving only
> those ports opened wouldn't stop other random applications from choosing
> those ports to do something nefarious. You're just limiting the
> availability of ports without increasing security.

That's why we should only keep ports open that are actually reserved at boot 
time by systemwide services. User sessions should NEVER be open to the 
network, at least not in the default firewall configuration.

        Kevin Kofler

More information about the devel mailing list