Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 27, 2019 at 5:24 PM John Harris <johnmh@xxxxxxxxxxxxx> wrote:
>
> On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote:

> > Windows is enable by default with two "zones" or "policies" (I can't
> > even tell from their own UI what to call this), one for private
> > networks, and another for guest/public networks.
>
> I don't have a mac, so I can't confirm this, but Apple suggests that there's
> nothing bound to listen by default.

There are no services enabled by default either. No ssh, no file
sharing, no VNC, no printer sharing, etc.  macOS does have Bonjour
(mDNS) enabled by default, and while it's not self announcing, it is
listening for other device/services that are.

That's similar to Workstation.

> If that's the case, and I imagine it's
> difficult to run real software on Mac which might bind stuff (because of those
> "app" things they've got, I presume), that might be a legitimate thing for
> Macs. We're not Apple, and we're not rolling out MacOS. I personally believe
> that's a horrible idea for Mac systems as well, even if they don't bind
> anything by default, which we do.

Difficult to run real software ... I don't understand what that means
or how it manifests. I run all kinds of real software on macOS and it
works fine.

> This sounds like a misunderstanding as to what firewalls, and the various
> types of firewalls, are. By default, Fedora uses firewalld, which is not an
> application firewall, which is what you've described. "I dunno if this network
> is trustworthy! Do you know if it's trustworthy?!" is a legitimate decision
> for the end user or sysadmin to make. It is not "a buck passing interface",
> the Fedora install has no possible way to know. The end user or sysadmin
> would.

That actually isn't clear at all. And I am the end user and sysadmin.
I'm at home, I have my own AP, but none of the equipment is under my
direct control, it's centrally managed by a company I don't even pay.
So, is it trustworthy? Maybe. Maybe not. I have no practical way of
knowing without digging into Fedora Security spin and learning a bunch
of things I don't presently know - which for sure sounds really
fascinating, and I like that this spin exists, but there are only so
many hours in the day!

-- 
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux