Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19-08-28 01:03:51, Chris Murphy wrote:
On Tue, Aug 27, 2019 at 10:26 PM Christopher <ctubbsii@xxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Aug 27, 2019 at 9:27 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
>
> > The Workstation technical specification document says in part:
>
> Where is the full technical specification document, so one can read it
> not in part, but in full?

https://fedoraproject.org/wiki/Workstation/Technical_Specification

The discussion and decision to not include firewall-config (GUI
configuration application for firewalld) by default, five years ago
https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx/thread/QROJ6LHGT5UUMNTBXEIJTPHPI3IWGFRY/

What's changed since then? It's fine to have purposeful re-evaluation
of any requirements or specification, but someone or a group need to
look through the prior history, and clearly articulate why that
history is obsolete, and produce a compelling case why this should be
re-evaluated.
 ...

Well, they promised to be responsible and it is asserted that an open
firewall is not responsible, and they said they would develp solutions
but they opened the firewall instead, and they haven't shown an actual
example of software available through gnome-software (the only supported
way to install software on Gnome and Fedora Workstation) that needs the
firewall to be already open.  Properly packaged Fedora software uses
either the D-Bus interface at runtime or firewall-cmd in a scriptlet at
install time to open any needed ports, so an example of software that
works only because the ports are already open would be good.

Note that software needing open inbound ports will usually need ports
opened (or a service enabled) on some router, along with setup to direct
incoming connections to the correct internal IP, so it can't work OOB.
It's possible that there is some confusion here, and Gnome thinks that
outbound ports need to be opened and that that is what they have done.

I haven't needed to do anything with firewalld on my machines in the
last few years, and my zone is "public", so I'm not very familiar with
firewalld.  (I use XFCE, not Workstation.)

--
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
      '                              <http://www.georgeanelson.com/>
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux