Am 15.04.2014 16:28, schrieb Christian Schaller: > ----- Original Message ----- >> From: "Reindl Harald" <h.reindl@xxxxxxxxxxxxx> >> To: devel@xxxxxxxxxxxxxxxxxxxxxxx >> Sent: Tuesday, April 15, 2014 11:40:20 AM >> Subject: Re: F21 System Wide Change: Workstation: Disable firewall >> >> >> Am 15.04.2014 11:32, schrieb drago01: >>> On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> >>> wrote: > >> allow any random application to open a unprivlieged >> port which is reachable from outside is dangerous >> > We already allow that and have for a long while. Any application bothering to support > the firewalld dbus interface can open any port they wish to. that is bad enough *but now* we disable any firewall at all? seriously? > There was a long thread about this on the desktop mailing list, and I was > not in the 'disable the firewall' camp in that discussion, but nobody in > that thread or here have articulated how the firewall exactly enhance security > in the situation where we at the same time need to allow each user to have any > port they desire opened for traffic to make sure things like DLNA or Chromecast > works. that is pretty easy - defaults have to be closed anything and the user have to make a choice for, otherwise if there are cirtical security updates after a release you have *exactly* the same as WinXP SP2 try it out on a public reachable IP, you will not survive the time you need to apply the security updates because you are infected long before honestly if these days i would consider switch to linux and unsure which distribution the one proposing "disable firewall by default" would be the last one on the list
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
