On Tuesday, August 27, 2019 9:59:23 AM MST David Kaufmann wrote: > I'm not trying to recommend it, this is already done, e.g. for mdns, > samba-client, or ssh. (To be fair that happens on os install, not > necessarily on package install) > I'm trying to list the problems with those options. There is a significant difference between opening up ports, on the fly, as users install packages, and setting defaults. > Very true. Unfortunately it is usually done to shield services which > should not be there in the first place. > Also stuff like rate-limiting or ip-header-checks are usually done by > firewalls, hence my emphasis on making sure users don't start to disable > the whole firewall because it is "easier". Well, some of the IP header checks are done in the kernel, before they get to the firewall module(s) firewalld uses under the hood (I assume netfilter and kin), but yes, I agree with the sentiment. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
