On Sunday, September 1, 2019 4:13:10 AM MST mcatanzaro@xxxxxxxxx wrote: > On Sat, Aug 31, 2019 at 6:37 PM, Nico Kadel-Garcia <nkadel@xxxxxxxxx> > wrote: > > > If 30 years in DevOps and system security in both large and small > > networks count for anything, this makes *complete* sense. The > > distinction between a "Workstation" deployment and a "Server" or > > "Everything" deployment should not include leaving the Workstation > > completely vulnerable to the most casual script kiddie attacks after > > they install *any* services, especially including MySQL, DNS, Samba, > > or Tomcat, Jenkins, or anything else. > > > Well that's why installed network services are disabled by default in > Fedora, unless the package receives an exception from FESCo. This isn't > Debian where installing a package is expected to result in the service > being up and running. If you 'systemctl start' your service and the > firewall breaks it, that's just annoying. > > Michael There is not a single service in Fedora that is broken by the firewall running. You simply have to open the port before it can be accessed from a remote system, which is by design. Basic access control, a security feature. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
