On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: > On Tue, Aug 27, 2019 at 6:22 AM Neal Gompa <ngompa13@xxxxxxxxx> wrote: > > > > > > > The other major non-Linux operating systems do. Both Microsoft Windows > > and Apple macOS ship with active firewalls by default. > > > The firewall on macOS is disabled by default. Therefore I can't agree > with any assessment that Fedora Workstation is, on this point alone, > in some sort of vulnerable state outside that of macOS. > > Windows is enable by default with two "zones" or "policies" (I can't > even tell from their own UI what to call this), one for private > networks, and another for guest/public networks. I don't have a mac, so I can't confirm this, but Apple suggests that there's nothing bound to listen by default. If that's the case, and I imagine it's difficult to run real software on Mac which might bind stuff (because of those "app" things they've got, I presume), that might be a legitimate thing for Macs. We're not Apple, and we're not rolling out MacOS. I personally believe that's a horrible idea for Mac systems as well, even if they don't bind anything by default, which we do. By default, Windows 10 enterprise has the following firewall zones: Public Private Home Work Domain > >Those are the > > > > real competitors, and they have a good UX for firewall handling so > > that users can Do The Right Thing(TM). > > > For Windows and macOS, when firewall is enabled, an application that > tries to open a port against the firewall's policy, causes a dialog to > appear. The user needs to read that, and make a decision. A valid > subjective case can be made that this is janky, as if the UI itself is > saying: "I dunno if this network is trustworthy! Do you know if it's > trustworthy?!" Without any further way of informing the user how to > determine this. They are both a buck passing interface. And that's > fine for some users, but definitely not fine for others. This sounds like a misunderstanding as to what firewalls, and the various types of firewalls, are. By default, Fedora uses firewalld, which is not an application firewall, which is what you've described. "I dunno if this network is trustworthy! Do you know if it's trustworthy?!" is a legitimate decision for the end user or sysadmin to make. It is not "a buck passing interface", the Fedora install has no possible way to know. The end user or sysadmin would. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
