On 2020-02-21 13:34, Samuel Sieb wrote: > On 2/20/20 7:47 PM, Ed Greshko wrote: >> Oh, never mind. Wrong system. The "default" rules for FedoraWorkstationso seem "odd". > > Not really. > >> [root@f31m ~]# firewall-cmd --info-zone=FedoraWorkstation >> FedoraWorkstation >> target: default >> icmp-block-inversion: no >> interfaces: >> sources: >> services: dhcpv6-client samba-client ssh >> ports: 1025-65535/udp 1025-65535/tcp > > Any critical system daemons are 1024 and below. The reason the high ports are left open is for user applications to be able to communicate without users having to figure out the firewall. Yeah, which is the reason for quotes around odd. I understand the reasoning to make it easier on users. It is just something I wouldn't have done. I can envision someone configuring a service to run on the higher ports which can be compromised and then disables selinux because they run into it trying to protect them. Maybe I shouldn't pity them. :-) -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
