Unexpected NIC naming f23 firewall implications

Christopher ctubbsii-fedora at apache.org
Sat Nov 7 17:34:32 UTC 2015


On Sat, Nov 7, 2015, 12:28 Christopher <ctubbsii-fedora at apache.org> wrote:

I recently updated my desktop to f23, and it went smoothly, for the most
part. However, it broke my mediatomb server because the NIC changed from
em1 to eno1.

Is this something that was expected? It certainly surprised me.

In addition to the mediatomb configuration needing to be changed, I also
noticed a more serious issue here: the firewalld zone associated with em1
did not get ported to eno1 during the upgrade. That could have serious
unexpected implications for security.

In my case, it wasn't that serious, because my default zone was more locked
down than the one I had for that NIC, but I can imagine scenarios where it
could be a problem.

For the most part, the upgrade experience was great, but I thought I'd
mention this particular issue for consideration/discussion, because I
wasn't aware of the naming change in advance, and it could have serious
consequences for function and security.


This is also a good reason why the default firewalld zone should be very
restrictive.
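
A check for the situation described in this message, as an added example that is not part of the original post: it reports zone bindings that still name an interface that no longer exists (em1) and interfaces that have no binding and therefore get the default zone (eno1). The function names, the sample data and the zone names "home", "internal" and "public" are constructed for illustration, and the check assumes bindings live in firewalld's permanent zone configuration.

```shell
#!/usr/bin/env bash
# Added example: audit firewalld zone bindings after a NIC rename (em1 -> eno1).
# Assumption: bindings are read from firewalld's permanent zone config; a zone
# stored only in a NetworkManager connection profile is not seen by this check.

# audit_bindings PRESENT BINDINGS DEFAULT_ZONE
#   PRESENT   space-separated names of interfaces that exist now
#   BINDINGS  lines of "zone iface"
# Prints "STALE zone iface" for a binding whose interface is gone, and
# "UNBOUND iface zone" for an interface that falls through to the default zone.
audit_bindings() {
    local present="$1" bindings="$2" default_zone="$3" zone iface
    printf '%s\n' "$bindings" | while read -r zone iface; do
        [ -n "$iface" ] || continue
        case " $present " in
            *" $iface "*) ;;
            *) echo "STALE $zone $iface" ;;
        esac
    done
    for iface in $present; do
        if ! printf '%s\n' "$bindings" |
            awk -v i="$iface" '$2 == i { found = 1 } END { exit !found }'; then
            echo "UNBOUND $iface $default_zone"
        fi
    done
}

# Read "zone iface" pairs from the permanent firewalld configuration.
collect_bindings() {
    local zone iface
    for zone in $(firewall-cmd --permanent --get-zones); do
        for iface in $(firewall-cmd --permanent --zone="$zone" --list-interfaces); do
            echo "$zone $iface"
        done
    done
}

# Constructed sample: em1 was bound to "home", then the NIC came up as eno1.
demo() {
    audit_bindings "eno1 virbr0" "home em1
internal virbr0" "public"
}

# On a real host, pass --live to query firewalld instead of the sample.
if [ "${1:-}" = "--live" ]; then
    present=$(ls /sys/class/net | grep -v '^lo$' | tr '\n' ' ')
    audit_bindings "$present" "$(collect_bindings)" "$(firewall-cmd --get-default-zone)"
fi
```

Running it before and after a release upgrade and comparing the output shows whether any interface silently changed zones.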