+1 - I've added 'firewall-config' to my remix and changed the default zone to 'public'. I'm not sure what the impact would be of closing off dhcpv6-client and mdns is so I left those open. I left ssh open because the service is disabled by default.
On Mon, Dec 8, 2014 at 4:35 PM, Kevin Kofler <kevin.kof...@chello.at> wrote: > Alec Leamas wrote: > > Tracking this issue back we find [1] where the workstation group tried > > to just disable the firewall. This started some threads. FESCO rejected > > the change request. > > > > For me, this issue then disappeared from my radar. It seems that after > > FESCO turned down the wide-open system option the discussion was in the > > workstation list, where they ended up opening all user ports (?) and > > implemented this. > > To me, it is obvious that the Workstation WG is in deliberate contempt of > FESCo's decision. That alone ought to lead to sanctions from FESCo. In > addition, FESCo's decision must be implemented properly by a security > update > ASAP. A wide-open firewall is a security issue. We CANNOT leave it unfixed. > (For a precedent, where a deliberate security hole was forced to be closed > in an update, see the Fedora 12 PackageKit policy fiasco: > > https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00926.html > ) > > Kevin Kofler > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > -- Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for Digital Journalists https://osjourno.com <http://j.mp/CompJournoStickOverview> Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
