On Mon, 2019-08-26 at 14:51 -0400, Dan Book wrote: > On Mon, Aug 26, 2019 at 8:31 AM Vitaly Zaitsev via devel < > devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > Hello all. > > > > Is it okay that firewall is completely disabled by default (opened all > > ports 1025-65535) on Fedora Workstation? > > > > I think that this is a major vulnerability and it must be fixed by > > changing default zone to public. > > > > firewall-cmd --list-all > > FedoraWorkstation (active) > > target: default > > icmp-block-inversion: no > > interfaces: enp1s0 > > sources: > > services: dhcpv6-client mdns samba-client ssh > > ports: 1025-65535/udp 1025-65535/tcp > > protocols: > > masquerade: no > > forward-ports: > > source-ports: > > icmp-blocks: > > rich rules: > > > > I agree that this is quite ill advised. As the maintainer of the Cinnamon > spin, can anyone answer whether (1) this would affect spins other than > Workstation, You get this config if VARIANT_ID in /etc/os-release is set to 'workstation', so only if fedora-release-workstation is installed. See 'rpm -q --scripts firewalld'. > and (2) if so, how to fix it? See above. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
