https://bugzilla.redhat.com/show_bug.cgi?id=902086

--- Comment #116 from jiri vanek <jvanek@xxxxxxxxxx> ---
(In reply to Zbigniew Jędrzejewski-Szmek from comment #115)
> (In reply to jiri vanek from comment #100)
> > > Second question: elasticsearch listens on 0.0.0.0:9200 by default, accepting
> > > commands from the internet.
> > > This has to be fixed. Maybe a default configuration to limit it to ::1
> > > should be added. I don't know what,
> > > but something has to be done.
> >
> > Afaik no simple option here. The firewalld should do this job or any other
> > deployment tool like nginx or similar...
> The problem is that Workstation product runs with firewall disabled. People

How come? Wasn't it vice versa until recently?

> might install ES without realizing that it listens on the network by
> default. Even if it is documented somewhere. It is also very likely that ES
> will become a dependency of other packages. Having it default to accepting
> commands from the network seems like something that will bite our users.
> "Secure by default" is the general principle.
>

Hmm. I agree. But currently no idea. Crap.
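A local check for the exposure discussed in this thread, as an added example that is not part of the original message or of the package under review: it parses the Linux `/proc/net/tcp` and `/proc/net/tcp6` socket tables and reports LISTEN sockets on port 9200 that are bound to a wildcard address (`0.0.0.0` or `::`) rather than loopback. The function name and the sample table are constructed for illustration.

```python
import os

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp and /proc/net/tcp6

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:23F0 00000000:0000 0A 00000000:00000000 00:00000000 00000000   985        0 20001
   1: 0100007F:23F0 00000000:0000 0A 00000000:00000000 00:00000000 00000000   985        0 20002
   2: 0500A8C0:23F0 0A00000A:C350 01 00000000:00000000 00:00000000 00000000   985        0 20003
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004
"""


def wildcard_listeners(table_text, port=9200):
    """Return local_address fields of LISTEN sockets on `port` bound to 0.0.0.0 or ::."""
    hits = []
    for line in table_text.splitlines():
        fields = line.split()
        # Header rows and short lines fail this test and are skipped.
        if len(fields) < 4 or fields[3] != LISTEN or ":" not in fields[1]:
            continue
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        if int(port_hex, 16) != port:
            continue
        # An all-zero address is the wildcard: 8 hex digits for IPv4, 32 for IPv6.
        if int(addr_hex, 16) == 0:
            hits.append(fields[1])
    return hits


if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(path):
            with open(path) as fh:
                for entry in wildcard_listeners(fh.read()):
                    print(f"{path}: wildcard listener {entry} (port 9200)")
```

A JVM service often shows up only in the `tcp6` table as a dual-stack `::` listener, which is why both files are read.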