On Sun, Jul 28, 2024 at 12:49:51PM GMT, Arthur Bols via devel wrote: > Sure. But why do those ports need to be open by default at all? What is > the benefit of adding those extra 2 lines? Does it enhance user > friendliness? I doubt it, as users will still need to open ports for > e.g. slp or mdsn. What it does is put users at risk. dhcpv6-client, samba-client, and ssh are opened by default. Perhaps mdns should be added to this list. > I wouldn't have this conversation if we had no firewall rules like arch > or Debian, but we do. We even go as far as install and enable Firewalld > by default. As far as I know Fedora is positioning itself as a > beginner-friendly Linux distro, thus we should strive to protect users. > Enabling a firewall that blocks traffic up to port 1024 is strange and > confusing, especially for security minded beginners. Historically, "privileged services" run on ports 0-1024. The idea was to protect those privileged services, while keeping 1025-65535 open for developers to develop applications using those ports. -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
