Re: F21 System Wide Change: Workstation: Disable firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/15/2014 04:42 PM, Reindl Harald wrote:

Am 15.04.2014 16:28, schrieb Christian Schaller:
----- Original Message -----
From: "Reindl Harald" <h.reindl@xxxxxxxxxxxxx>
To: devel@xxxxxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, April 15, 2014 11:40:20 AM
Subject: Re: F21 System Wide Change: Workstation: Disable firewall


Am 15.04.2014 11:32, schrieb drago01:
On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx>
wrote:

allow any random application to open a unprivlieged
port which is reachable from outside is dangerous

We already allow that and have for a long while. Any application bothering to support
the firewalld dbus interface can open any port they wish to.

that is bad enough *but now* we disable any firewall at all?
seriously?

Only authenticated applications can change firewall settings like for example open ports, ...

There was a long thread about this on the desktop mailing list, and I was
not in the 'disable the firewall' camp in that discussion, but nobody in
that thread or here have articulated how the firewall exactly enhance security
in the situation where we at the same time need to allow each user to have any
port they desire opened for traffic to make sure things like DLNA or Chromecast
works.

that is pretty easy - defaults have to be closed anything and the user
have to make a choice for, otherwise if there are cirtical security
updates after a release you have *exactly* the same as WinXP SP2

try it out on a public reachable IP, you will not survive the time
you need to apply the security updates because you are infected
long before

honestly if these days i would consider switch to linux and unsure
which distribution the one proposing "disable firewall by default"
would be the last one on the list



--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux