I just verified that I have the same default configuration from a clean install. Not good at all. I expected more.
-- Christopher L Tubbs II http://gravatar.com/ctubbsii On Mon, Dec 8, 2014 at 1:41 AM, Kevin Kofler <kevin.kof...@chello.at> wrote: > Hi, > > I just happened to look at the firewalld default settings, and I was not > amused when I noticed this: > http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml > > <port protocol="udp" port="1025-65535"/> > > <port protocol="tcp" port="1025-65535"/> > This "firewall" is a joke! ALL higher ports are wide open! > > There had been a prior discussion on this list where they wanted to disable > the firewall entirely. We told them that that's a horrible idea (which it > is, of course!). But the result is that they implemented this "solution" > which is almost entirely as bad, and which additionally gives users a false > sense of security, because a "firewall" is "enabled" (for a very twisted > definition of "enabled"). > > IMHO, this is a major security issue that MUST be fixed. It also shows what > horribly bad an idea per-Product configuration is. > > Yet another reason why you should NOT use "--product=workstation" to > upgrade > your F20 to F21 (ALWAYS use "--product=nonproduct"). Installing the > "Workstation Product", or upgrading to it, will leave you with a totally > insecure system. > > Kevin Kofler > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct