Re: F21 System Wide Change: Workstation: Disable firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/21/2014 12:22 AM, drago01 wrote:

On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:


* there are network services enabled by default


Again that's a bug and a viloation of the guidelines. Which services
are you talking about?
Please file bugs.


* avahi is one of them


You keep listing this as an example but avahi is not only installed
and enabled by default
but also allowed configured to work in the default firewall setup
since F18 [1] ...

So the current default firewall won't protect you against avahi flaws.


This has been added only because of a FESCo decision:

https://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop


* you nor i can say for sure avahi never ever get a critical security update


See above.


* you nor i can be sure that there is not another network-service is running
* even if it is not running by intention it may be running by mistake as default
* so after you installed a new system avahi is running and the firewall down


See above.


* how do you genius install the updates without a network
and to *not* have to consider what is safe and what you have to stop after
a fresh install before you can plug your machine to the network for install
security relevant updates a firewall has to be enabled by default


Again you

1) assume that we enable random services by default and the firewall
is the only thing that protects freshly installed systems
2) that given the user options that do not work and force him to learn
about computer networks to do basic tasks is how things should work

both are false.

Sure disabling the firewall is not the only way to solve 2) but the
"silently make things not work" i.e the status quo or "ask a user
questions that he does not understand"
are no solutions.

There have been other suggestions in this thread that are helpful like
the network zones thing (but we still have too many zones) or enabling
services should make them work i.e
just enable the firewall rules.


honestly it's good that you are out of this discussion because you seem
to not have you clue about security nor understand the implications of
"who knows hat he is doing and why the one who don't need sane defaults"


No the reason is simply that talking to you is very annoying .. you
resort to baseless attacks (like the this one)  and strawmans.

1: http://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop


--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux