Re: "Workstation" Product defaults to wide-open firewall


 




On 08.12.2014 at 16:49, Bastien Nocera wrote:
> Make sure to note that I'm convinced that the new firewall settings in
> Fedora Workstation 21 are more secure than what was available in Fedora 20's
> default settings.
>
> If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little
> exercise:
> Having just installed and updated my Fedora 20, I want to share a video in my
> home directory using UPnP/DLNA to my TV, using rygel for example. Document the
> steps necessary to achieve that

then solve the problem that we don't have a firewall like the personal firewalls on Windows decades ago, which can react to events and *ask* the user, instead of burying your head in the sand and opening all ports

there were times when Windows did not have any firewall enabled

now Windows has *and* can ask, after MS realized that it is a terrible idea to come with an end-user OS without - frankly I feel somebody smiles in Redmond when previously secure operating systems give that up, not learning from the past

such events could be "hmm the machine is listening on a previously unknown port" - it does not exist - so what - invent a solution or accept, until it exists, that there is not much you can do, *but* do not turn up all shields because of an "oh i want to share a video and not know anything about a computer"
__________________________________________________________

[root@srv-rhsoft:~]$ netstat -l | grep mediatomb
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5222/mediatomb
udp 0 0 127.0.0.1:56066 0.0.0.0:* 5222/mediatomb
udp 0 0 0.0.0.0:1900 0.0.0.0:* 5222/mediatomb

[root@srv-rhsoft:~]$ firewall_status | grep 1900
3469 1154K ACCEPT udp -- br0 * 192.168.2.0/24 0.0.0.0/0 multiport dports 1900
0 0 ACCEPT udp -- br0 * 10.0.0.0/24 0.0.0.0/0 multiport dports 1900

[root@srv-rhsoft:~]$ firewall_status | grep 8080
190 11400 ACCEPT tcp -- br0 * 192.168.2.0/24 0.0.0.0/0 multiport dports 8080 ctstate NEW tcp flags:0x17/0x02
0 0 ACCEPT tcp -- br0 * 10.0.0.0/24 0.0.0.0/0 multiport dports 8080 ctstate NEW tcp flags:0x17/0x02
0 0 ACCEPT tcp -- br1 eth1 192.168.10.0/24 0.0.0.0/0 multiport dports 53,80,443,8080,8443 ctstate NEW


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
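
Added example, not part of the original message or of any Fedora tool: a sketch of the "listening on a previously unknown port" check the message describes, cross-referencing listeners against per-source ACCEPT rules. It assumes netstat lines and `iptables -L -n -v` style rule lines in the format quoted above; the `newdaemon` listener, its any-source rule, and `BASELINE` are constructed for illustration.

```python
import ipaddress
# Constructed sample input in the quoted format; tcp/5000 and BASELINE are invented.
LISTENERS = """\
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5222/mediatomb
udp 0 0 127.0.0.1:56066 0.0.0.0:* 5222/mediatomb
udp 0 0 0.0.0.0:1900 0.0.0.0:* 5222/mediatomb
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 6001/newdaemon
"""
RULES = """\
3469 1154K ACCEPT udp -- br0 * 192.168.2.0/24 0.0.0.0/0 multiport dports 1900
190 11400 ACCEPT tcp -- br0 * 192.168.2.0/24 0.0.0.0/0 multiport dports 8080 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 5000
"""
BASELINE = {("tcp", 8080), ("udp", 1900)}  # listeners already reviewed

def parse_listeners(text):
    """Return (proto, ip, port, program) for each IPv4 netstat line."""
    out = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 6 and f[0] in ("tcp", "udp"):
            ip, _, port = f[3].rpartition(":")
            out.append((f[0], ip, int(port), f[-1].split("/", 1)[-1]))
    return out

def parse_accept_rules(text):
    """Map (proto, port) -> source networks of ACCEPT rules (no a:b ranges)."""
    rules = {}
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 12 and f[2] == "ACCEPT" and "dports" in f:
            for port in f[f.index("dports") + 1].split(","):
                rules.setdefault((f[3], int(port)), set()).add(f[7])
    return rules

def audit(listeners, rules, baseline):
    """Map (proto, port) -> (program, exposure, is_new_listener)."""
    findings = {}
    for proto, ip, port, prog in listeners:
        sources = rules.get((proto, port), set())
        if ipaddress.ip_address(ip).is_loopback:
            exposure = "loopback-only"
        elif "0.0.0.0/0" in sources:
            exposure = "open-to-any"
        else:
            exposure = "restricted:" + ",".join(sorted(sources)) if sources else "no-accept-rule"
        findings[(proto, port)] = (prog, exposure, (proto, port) not in baseline)
    return findings

if __name__ == "__main__":
    print(audit(parse_listeners(LISTENERS), parse_accept_rules(RULES), BASELINE))
```

A finding with `is_new_listener` true and exposure `open-to-any` is the case where a prompt to the user would be warranted; `no-accept-rule` only means no parsed ACCEPT rule names the port, so the chain's default policy decides.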
