On 4/15/14, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: > > > Am 15.04.2014 11:01, schrieb Jaroslav Reznik: >> = Proposed System Wide Change: Workstation: Disable firewall = >> https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall >> >> Change owner(s): Matthias Clasen <mclasen@xxxxxxxxxx> >> >> The firewalld service will not be enabled by default in the workstation >> product. >> >> == Detailed Description == >> The current level of integration into the desktop and applications does not >> justify enabling the firewalld service by default. [cut] Isn't the integration something which should be fixed rather than walked-around? >> It will of course still be possible to enable the firewall manually. Nope. There will be scenarios where a user will have exposed the new new machine before the firewall is enabled. > seriously going the Apple way and back to where WiNXP before SP3 was? Actually, it will be worse. Users are expecting the firewall to be present, and breaking that assumption will create all sorts of problems. IN the old days, at least experienced users knew about the missing firewall and related problems. [cut] > honestly whoever proposes such a change has to understand that these > days it is not uncommon to have diretly to the WAN exposed machines > with no safety NAT/router between (UMTS/3G sticks, untrusted WLAN) +1 If you really, really want to walk this path it might be better with some kind of post-install configuration step optionally disabling the firewall (with user dialog). This would at least make things visible, and not leave the system open from the beginning. But the proper solution is certainly to fix the application/firewall integration. --alec -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
