On Saturday, February 22, 2020 8:38:38 PM MST Samuel Sieb wrote: > On 2/22/20 7:34 PM, John M. Harris Jr wrote: > > > On Saturday, February 22, 2020 8:17:01 PM MST Samuel Sieb wrote: > > > >> On 2/22/20 7:07 PM, John M. Harris Jr wrote: > >> > >> > >> > >>> Glad to hear it. A quick note, Fedora Workstation (what I refer to as > >>> the > >>> "GNOME Spin") may send out an update which resets your firewall to > >>> their > >>> defaults, which would open you back up to attacks. I'll pass this > >>> along, > >>> and hopefully we can get a more sane firewall into Fedora's GNOME > >>> experience within the year.. > >> > >> > >> > >> > >> I guarantee that the firewall will not be changing. It has been > >> discussed at length in the past and that is what was decided on. Your > >> opinion on it is noted, but will not change anything. > > > > > > If it has been discussed at length, then you'd know that it makes no sense > > to open all of the ports that firewall zone opens. You've seen a > > real-world example of the harm that firewall zone causes in this very > > thread. > > It makes sense and I didn't see any harm in this thread. Feel free to > bring it up again, but all you'll do is annoy people. It makes absolutely no sense. The ports it opens are all meant to run as the user, the ones that are, arguably, the most sensitive. It opens these on ALL interfaces BY DEFAULT, which is absolutely absurd. This means that everything binding a port as the user winds up open to every network they connect to, unless the end user explicitly goes and changes the firewall zone, which the GNOME UI doesn't even provide a way to do (unless something has changed), the use has to use firewall-cmd or open nm-connection-editor. The harm in this demonstrated in this thread was opening EVERY PROCESS THAT BINDS A PORT AS THE USER to THE ENTIRE INTERNET, on both IPv4 and IPv6. -- John M. Harris, Jr. Splentity _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx