"Workstation" Product defaults to wide-open firewall
kevin.kofler at chello.at
Wed Dec 10 13:28:15 UTC 2014
Bastien Nocera wrote:
> Even if we chose static ports for those (or rather port ranges, because if
> you have multiple users running, you'd need multiple ports), leaving only
> those ports opened wouldn't stop other random applications from choosing
> those ports to do something nefarious. You're just limiting the
> availability of ports without increasing security.
That's why we should only keep ports open that are actually reserved at boot
time by systemwide services. User sessions should NEVER be open to the
network, at least not in the default firewall configuration.
More information about the devel