> > > users running applications which opening a high port in the background > > like license checks and so on (as example ZendStudio) will be really > > thankful that as default these ports are open on the WAN > > Why does it listen on a port for license checks? It should just contact > the server and not the other way. > > Besides no one is stopping you from enabling the firewall. > I'm going to jump into this thread here (I'm not purposely picking on this singular point). So when we have to think about security, the mindset needs to be "secure by default". We shouldn't tell people they *can* enable the firewall, we tell them the can disable it. While I will agree that in a perfect world we shouldn't need a firewall, we don't live in a perfect world. Applications have bugs, they have default logins, they listen on ports they shouldn't, users have bad passwords, they have public shared folders, the list can go on for a very very long time. A firewall is an easy win here. Fedora needs to keep in mind is the safety of our users. We've lived up to this point with a firewall enabled. The solution is to fix the firewall, not disable it. If we just disable the firewall, what is our incentive to fix it? Please don't disable the firewall, it's almost certainly not the right decision, and I'm pretty sure we'll end up wishing we'd not disabled it sooner or later. Thanks. -- Josh Bressers / Red Hat Product Security Team -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
