Bastien Nocera wrote:
> Security is about compromises. The net result of the old firewall settings
> was people disabling the firewall.
And the net result of the new firewall settings is you disabling the
firewall for them, and also for all those people out there (like me) who
were NOT disabling the firewall. (Thankfully, I'm not using the GNOME
Workstation, nor firewalld (but the old iptables.service), so I won't get
this "improvement".)
> The new firewall settings were vouched for by the firewalld folks, and
> provide good defaults for most users.
The new firewall settings essentially amount to disabling the firewall.
The only ports they protect are those controlled by root anyway, and there
is nothing listening on those ports by default (except SSH, which your
firewall rules also let through, but that was already the case before).
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
