00UTC'
Reason for outage:
We will be applying a change to the firewall on most of our servers and
possibly rebooting.
Services may go down during the outage window, more likely some
dropped/denied packets.
Affected Services:
Many services will be affected, but most should only be down for a
On 7/29/24 3:12 AM, Arthur Bols via devel wrote:
On 28/07/2024 23:11, Samuel Sieb wrote:
I wouldn't have this conversation if we had no firewall rules like
arch or Debian, but we do. We even go as far as install and enable
Firewalld by default. As far as I know Fedora is positioning itsel
Am 29.07.24 um 09:58 schrieb Kamil Paral:
On Sun, Jul 28, 2024 at 7:56 PM Kilian Hanich via devel
wrote:
Interesting position considering that Windows by default does block
everything via its Firewall by default. And Windows normally isn't known
to have great security defaults.
On Wi
ks for the correction.
I wouldn't have this conversation if we had no firewall rules like
arch or Debian, but we do. We even go as far as install and enable
Firewalld by default. As far as I know Fedora is positioning itself
as a beginner-friendly Linux distro, thus we should strive to
On Sun, Jul 28, 2024 at 7:56 PM Kilian Hanich via devel
wrote:
> Interesting position considering that Windows by default does block
> everything via its Firewall by default. And Windows normally isn't known
> to have great security defaults.
On Windows, you get an interactiv
On 7/28/24 3:49 AM, Arthur Bols via devel wrote:
On 28/07/2024 11:33, Adam Williamson wrote:
On Sun, 2024-07-28 at 10:25 +0200, Arthur Bols via devel wrote:
Hi all,
Yesterday, while assisting a user with connecting a printer, I noticed
that the default firewall zone on Fedora Workstation is
Am 28.07.24 um 13:20 schrieb Michael Catanzaro:
On Sun, Jul 28 2024 at 11:37:15 AM +02:00:00, Arthur Bols via devel
wrote:
Aside that this does not contribute to the discussion at all, I believe
it is reasonable to assume that the default firewall rules are strict
enough to not open all ports
Am 28.07.24 um 13:20 schrieb Michael Catanzaro:
On Sun, Jul 28 2024 at 11:37:15 AM +02:00:00, Arthur Bols via devel
wrote:
Aside that this does not contribute to the discussion at all, I believe
it is reasonable to assume that the default firewall rules are strict
enough to not open all ports
enhance user
friendliness? I doubt it, as users will still need to open ports for
e.g. slp or mdsn. What it does is put users at risk.
dhcpv6-client, samba-client, and ssh are opened by default. Perhaps
mdns should be added to this list.
I wouldn't have this conversation if we had no firewall
t; friendliness? I doubt it, as users will still need to open ports for
> > e.g. slp or mdsn. What it does is put users at risk.
>
> dhcpv6-client, samba-client, and ssh are opened by default. Perhaps
> mdns should be added to this list.
>
> > I wouldn't have this conv
e.g. slp or mdsn. What it does is put users at risk.
dhcpv6-client, samba-client, and ssh are opened by default. Perhaps
mdns should be added to this list.
> I wouldn't have this conversation if we had no firewall rules like arch
> or Debian, but we do. We even go as far as install and
On 28/07/2024 13:20, Michael Catanzaro wrote:
On Sun, Jul 28 2024 at 11:37:15 AM +02:00:00, Arthur Bols via devel
wrote:
Aside that this does not contribute to the discussion at all, I believe
it is reasonable to assume that the default firewall rules are strict
enough to not open all ports
On Sun, Jul 28 2024 at 11:37:15 AM +02:00:00, Arthur Bols via devel
wrote:
Aside that this does not contribute to the discussion at all, I
believe
it is reasonable to assume that the default firewall rules are strict
enough to not open all ports above 1024... That being said, it's an
ex
On 28/07/2024 11:33, Adam Williamson wrote:
On Sun, 2024-07-28 at 10:25 +0200, Arthur Bols via devel wrote:
Hi all,
Yesterday, while assisting a user with connecting a printer, I noticed
that the default firewall zone on Fedora Workstation is set to
"FedoraWorkstation". This zone
On 28/07/2024 11:20, Björn Persson wrote:
Arthur Bols via devel wrote:
I often run dev servers that I assume
are secure due to the default firewall settings
This practice of blindly assuming that somebody else is protecting you
from your own negligence is a common source of security breaches
On Sun, 2024-07-28 at 10:25 +0200, Arthur Bols via devel wrote:
> Hi all,
>
> Yesterday, while assisting a user with connecting a printer, I noticed
> that the default firewall zone on Fedora Workstation is set to
> "FedoraWorkstation". This zone has ports 1025-65535 op
Arthur Bols via devel wrote:
> I often run dev servers that I assume
> are secure due to the default firewall settings
This practice of blindly assuming that somebody else is protecting you
from your own negligence is a common source of security breaches.
Björn Persson
pgpyeh70G06
Hi all,
Yesterday, while assisting a user with connecting a printer, I noticed
that the default firewall zone on Fedora Workstation is set to
"FedoraWorkstation". This zone has ports 1025-65535 open by default
[0]. Is there a historical reason for this, just an oversight, or am
On Tue, Nov 1, 2022 at 10:26 AM Ben Beasley wrote:
> I haven’t looked deeply into Portmaster, but in general:
>
To add to Ben's nice summary, I'm potentially interested but TBH I have two
$DAYJOBS and have never packaged a GO project to date. Hopefully someone
else will chime in?
Thanks,
Richar
Packaging Guidelines, and if there is someone who has the time and interest to
package and maintain it in Fedora, then it would of course be a welcome
addition.
– Ben Beasley (FAS music)
On Tue, Nov 1, 2022, at 6:42 AM, martin luther wrote:
> https://github.com/safing/portmaster
> it is a firewa
https://github.com/safing/portmaster
it is a firewall app with nice gui just like glasswire but it is opensource
with some vpn features also hence it can be included they provide a .rpm app so
it can easily published in fedora repo
https://updates.safing.io/latest/linux_amd64/packages/portmaster
le this:
>
> 1. have every app bind to null, and hope the firewall filters out
> dangerous accesses. You'll get a *lot* of app collisions, because every
> app will fight for 443 ownership. And as soon as the firewall is down,
> the king has no clothes.
>
> 2. have every ap
via vlans, binding, teaming, etc).
Having every single networked app handle dynamic network changes on its
own does not scale.
There are not so many ways to handle this:
1. have every app bind to null, and hope the firewall filters out
dangerous accesses. You'll get a *lot* of app colli
; a
> configuration option on ports. So, while the software may be open to all
> ports
> because of the code itself, that is often not the intention. Many programs
> just bind all interfaces, and expect that you'll configure your firewall to
> whatever should be able to acces
On Tue, Sep 3, 2019 at 12:26 AM John Harris wrote:
> There is not a single service in Fedora that is broken by the firewall
> running. You simply have to open the port before it can be accessed from a
> remote system, which is by design. Basic access control, a security feature.
ge is expected to result in the service
> being up and running. If you 'systemctl start' your service and the
> firewall breaks it, that's just annoying.
>
> Michael
There is not a single service in Fedora that is broken by the firewall
running. You simply have to ope
orks, at all. First, let's go ahead and
>>>> address the
>>>> idea that "if the firewall blocks it, the app breaks, so it's the
>>>> firewall's
>>>> fault": It's not. If the firewall has not been opened, that just
>
>
>>>>
>>>> Well the thing is, blocknig ports tends to break applications that want
>>>> to use those ports. We're not going to do that, period. It also doesn't
>>>> really accomplish anything: either your app or service needs network
>>>&g
ba,
> > or Tomcat, Jenkins, or anything else.
>
> Well that's why installed network services are disabled by default in
> Fedora, unless the package receives an exception from FESCo. This isn't
> Debian where installing a package is expected to result in the service
ault in
Fedora, unless the package receives an exception from FESCo. This isn't
Debian where installing a package is expected to result in the service
being up and running. If you 'systemctl start' your service and the
firewall breaks it, that's just annoying.
Michael
__
On Sat, Aug 31, 2019 at 7:04 PM John Harris wrote:
>
> On Friday, August 30, 2019 5:16:25 AM MST Nico Kadel-Garcia wrote:
> > > On Aug 29, 2019, at 9:41 PM, John Harris wrote:
> > >
> > >
> > >> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote:
> > >> I would agree, but people do instal
On Friday, August 30, 2019 5:16:25 AM MST Nico Kadel-Garcia wrote:
> > On Aug 29, 2019, at 9:41 PM, John Harris wrote:
> >
> >
> >> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote:
> >> I would agree, but people do install multiple desktops after installing
> >> a
> >> spin. Such a us
smissing it.
>
>
> The potential compromise I see might involve exposing firewall zones in
> some well-considered and thoughtful way, including a rethink of what is
> blocked and allowed by the zones, and an understanding of what the goal
> of having each zone is. That would have t
ntion. Many programs
just bind all interfaces, and expect that you'll configure your firewall to
whatever should be able to access the network service it's serving.
Programs that don't intend to listen on every interface generally don't bind
only to one interface, though th
chance this could be implemented without much complexity, though.
Thank you for giving the idea at least a little consideration, though,
and not outright dismissing it.
The potential compromise I see might involve exposing firewall zones in
some well-considered and thoughtful way, including a rethink of
If anybody with a good memory or interest in thread archaeology wants
to investigate, I believe there was actually some problem with some
specific tools used by web developers that were broken by the previous
firewall configuration.
Michael
__
On Thu, Aug 29, 2019 at 06:54:48PM -0700, John Harris wrote:
> Workstation is only the primary product because somebody decided GNOME was
> the best default. This should be reconsidered, so that the various Spins,
This is backwards. We (the Fedora Board) at the time, asked for a team to
develop ou
> On Aug 29, 2019, at 9:41 PM, John Harris wrote:
>
>> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote:
>> I would agree, but people do install multiple desktops after installing a
>> spin. Such a use case needs to be considered (not sure if it matters,
>> though).
>
> This is defin
John Harris wrote:
> Thing is, binding a port and expecting it to be open to every network
> interface you've got are two very different things.
Once again John Harris is completely wrong. The bind system call is
precisely how a program specifies which network interfaces it wants to
open a socket
On Thursday, August 29, 2019 3:50:19 AM MST Iñaki Ucar wrote:
> Responding to the first message because I'm not interested in further
> discussion. It's clear to me that there will be no agreement in this
> matter unless there are reasonable potential alternatives. Therefore,
> this message is just
On Thursday, August 29, 2019 1:11:02 PM MST Chris Murphy wrote:
> On Thu, Aug 29, 2019 at 12:24 AM Chris Murphy
> wrote:
> >
> >
> > Debian has a permissive firewall
> > https://wiki.debian.org/DebianFirewall
>
>
> And Ubuntu, Mint, elementary, MX Linux, S
> > really accomplish anything: either your app or service needs network
> > access and you have whitelisted it (in which case the firewall provides
> > no security), or it needs network access and you have not whitelisted
> > it (in which case your firewall breaks your app/
On Thursday, August 29, 2019 5:29:32 PM MST Christopher wrote:
> Workstation is the primary product. Some choose that not for GNOME...
> but because they want to start with the most base product and
> customize from there. If you start with a Spin, you may get something
> pre-configured in a very w
> >>> It might be okay to be a GNOME-specific thing, as that's the only spin
> >>> of
> >>> Fedora which is affected by this decision.
> >>>
> >>>
> >>>
> >> The default firewall config affects every user of that edi
On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote:
> I would agree, but people do install multiple desktops after installing a
> spin. Such a use case needs to be considered (not sure if it matters,
> though).
This is definitely not the ideal scenario, especially not from the case of the
ic thing, as that's the only spin of
> >>> Fedora which is affected by this decision.
> >>>
> >> The default firewall config affects every user of that edition, even
> >> if they never use GNOME (or even use graphical boot). So, I don't know
> >
On Thu, Aug 29, 2019 at 4:12 PM Chris Murphy wrote:
>
> On Thu, Aug 29, 2019 at 12:24 AM Chris Murphy wrote:
> >
> > Debian has a permissive firewall
> > https://wiki.debian.org/DebianFirewall
>
> And Ubuntu, Mint, elementary, MX Linux, Solus, pop!_OS, as well. By
On Thu, Aug 29, 2019 at 12:24 AM Chris Murphy wrote:
>
> Debian has a permissive firewall
> https://wiki.debian.org/DebianFirewall
And Ubuntu, Mint, elementary, MX Linux, Solus, pop!_OS, as well. By
permissive, they all accept everything. Nothing is rejected or
dropped.
Mageia, and op
On 8/29/2019 8:10 AM, Adam Williamson wrote:
On Wed, 2019-08-28 at 23:13 -0400, Christopher wrote:
On Wed, Aug 28, 2019 at 8:56 PM John Harris wrote:
It might be okay to be a GNOME-specific thing, as that's the only spin of
Fedora which is affected by this decision.
The default fir
itelisted it (in which case the firewall provides
> no security), or it needs network access and you have not whitelisted
> it (in which case your firewall breaks your app/service). In no case
> does it increase your security without breaking your app, right? Unless
> you have malware
p.
> > >
> > > It might be okay to be a GNOME-specific thing, as that's the only spin
> of
> > > Fedora which is affected by this decision.
> > >
> >
> > The default firewall config affects every user of that edition, even
> > if they never use GNO
a dialogue as a "first-boot" action, but that seems like it'd
> > > be a very GNOME-specific thing, and firewalld is not specific to the
> > > WM/Desktop.
> >
> > It might be okay to be a GNOME-specific thing, as that's the only spin of
> > Fedor
these proposals get accepted and implemented,
we could eventually bring back this discussion and reach some
consensus.
Iñaki
On Mon, 26 Aug 2019 at 14:40, Vitaly Zaitsev via devel
wrote:
>
> Hello all.
>
> Is it okay that firewall is completely disabled by default (opened all
&g
Debian has a permissive firewall
https://wiki.debian.org/DebianFirewall
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en
installations and configuration using the same Workstation
> ISO, and you can also just open a new TTY (e.g. Ctrl+Alt+F3),
> customize your system, and reboot without ever logging in to GNOME.
I don't know how that would possibly pull in the GNOME Spin's firewall config,
if yo
e. This is a Workstation
> > Edition issue with /etc/firewalld/firewalld.conf's DefaultZone option.
>
> How is that possible? The workstation installer installs GNOME, right? Can you
> select something else in those ISOs' Anaconda config? If so, why would it
> still pull in GNOME
option.
How is that possible? The workstation installer installs GNOME, right? Can you
select something else in those ISOs' Anaconda config? If so, why would it
still pull in GNOME's firewall zone?
> Funny, the FedoraServer.xml file still has a description "For use in
> public
On Wed, Aug 28, 2019 at 11:23 PM John Harris wrote:
>
> On Wednesday, August 28, 2019 8:13:59 PM MST Christopher wrote:
> > The default firewall config affects every user of that edition, even
> > if they never use GNOME (or even use graphical boot). So, I don't know
> &
On Wednesday, August 28, 2019 8:13:59 PM MST Christopher wrote:
> The default firewall config affects every user of that edition, even
> if they never use GNOME (or even use graphical boot). So, I don't know
> if this would be adequate.
This only affects GNOME users. Workstatio
27;d
> > be a very GNOME-specific thing, and firewalld is not specific to the
> > WM/Desktop.
>
> It might be okay to be a GNOME-specific thing, as that's the only spin of
> Fedora which is affected by this decision.
>
The default firewall config affects every u
On Wed, Aug 28, 2019, at 8:59 PM, John Harris wrote:
> On Wednesday, August 28, 2019 1:35:32 PM MST Colin Walters wrote:
> > FWIW,
> >
> > For Fedora CoreOS we don't enable a firewall by default; see
> > https://github.com/coreos/fedora-coreos-tracker/issues/26
&
On Wednesday, August 28, 2019 1:35:32 PM MST Colin Walters wrote:
> FWIW,
>
> For Fedora CoreOS we don't enable a firewall by default; see
> https://github.com/coreos/fedora-coreos-tracker/issues/26
>
> (Neither for that matter does Fedora Cloud:
> https://pagure
On Wednesday, August 28, 2019 5:46:58 PM MST Christopher wrote:
> A similar idea that would keep it separate from the installer might be
> to offer a dialogue as a "first-boot" action, but that seems like it'd
> be a very GNOME-specific thing, and firewalld is not specific to the
> WM/Desktop.
It
#x27;t related to the firewall, though they may include
changes to the firewall (and blacklisting packages, etc). That's something
much better suited for RHEL and CentOS though. Firewalls are useful
everywhere.
> Again, hyperbole, that cannot be taken seriously, because it does not
>
ted feature that was rejected by FESCo
> https://fedoraproject.org/wiki/Changes/SecurityPolicyInTheInstaller
> https://lists.fedoraproject.org/pipermail/devel/2014-March/19.html
I think the fact that the Workstation WG's proceeded with an
effectively disabled firewall after FESC
On Wednesday, August 28, 2019 12:59:17 PM MST Christopher wrote:
> Yeah, obviously that would be bad. Please don't simply dismiss a
> serious suggestion, because it would be bad in other scenarios or if
> taken to the extreme. This is one specific suggestion, not a proposal
> to accept all similar
to this thread.
> Did the previous working group misunderstand something previously?
It seem so.
> Has new information come to light?
Yes, more people have realized what was done by the GNOME spin.
> Has the GUI firewall app made UI/Ux improvements that might sway the
> working group t
On Wednesday, August 28, 2019 9:05:00 AM MST Tony Nelson wrote:
> Properly packaged Fedora software uses either the D-Bus interface
> at runtime or firewall-cmd in a scriptlet at install time to open any
> needed ports
This is not actually the case. No software, to my knowledge,
On Wed, Aug 28, 2019 at 12:57 PM Christopher wrote:
>
> At the very least, it'd be nice if anaconda had an option to select
> the default firewalld zone during installation,
A somewhat related feature that was rejected by FESCo
https://fedoraproject.org/wiki/Changes/SecurityPolicyInTheInstaller
h
FWIW,
For Fedora CoreOS we don't enable a firewall by default; see
https://github.com/coreos/fedora-coreos-tracker/issues/26
(Neither for that matter does Fedora Cloud:
https://pagure.io/fedora-kickstarts/blob/master/f/fedora-cloud-base.k
On Wed, Aug 28, 2019 at 4:27 PM Adam Williamson
wrote:
> That is talking about the whole idea that having a firewall enabled by
> default is not as important if there are no listening services by
> default; at that point you can make the argument that installing a
> service that
rusts the Workstation WG to properly research and
> develop a sensible firewall solution and will stay out of the way. (+5,
> 3, -0) (sgallagh, 18:40:04)
> """
>
> <https://pagure.io/fesco/issue/1372#comment-27998>
>
> It reads to me like an affirmati
t has been explicitly stated in this thread that they have never had
> any intention of doing anything further, even though that was FESCo's clear
> expectation.
>
>
> In January 2015, FESCo said:
>
> """
> AGREED: FESCo trusts the Workstation WG to properly r
of doing anything
further, even though that was FESCo's clear expectation.
In January 2015, FESCo said:
"""
AGREED: FESCo trusts the Workstation WG to properly research and
develop a sensible firewall solution and will stay out of the way. (+5,
3, -0) (sgallagh, 18
On Wed, Aug 28, 2019 at 1:01 PM Chris Murphy wrote:
>
> On Wed, Aug 28, 2019 at 9:36 AM John Harris wrote:
>
> > Essentially disabling the firewall falls under having a "bad design for
> > everyone else". Disabling the firewall is something that could be con
On Wed, Aug 28, 2019 at 9:36 AM John Harris wrote:
> Essentially disabling the firewall falls under having a "bad design for
> everyone else". Disabling the firewall is something that could be considered
> hostile to the user.
This is hyperbole, and turning up the volume
document, so one can read
it
> not in part, but in full?
https://fedoraproject.org/wiki/Workstation/Technical_Specification
The discussion and decision to not include firewall-config (GUI
configuration application for firewalld) by default, five years ago
https://lists.fedoraprojec
On Wednesday, August 28, 2019 2:45:37 AM MST Björn Persson wrote:
> If an attacker guesses your passphrase, then it's your weak passphrase
> that allows them to break in.
No. Having it wide open to the network means it can be broken, even through
brute force if necessary.
> (That said, I'd be in
;
> > > > On Tue, Aug 27, 2019 at 4:22 AM, John Harris <
> > > > joh...@splentity.com>
> > > > wrote:
> > > >
> > > > > No, that is not how this works, at all. First, let's go ahead
> > > > > and
>
t; > wrote:
> > > > No, that is not how this works, at all. First, let's go ahead
> > > > and
> > > > address the
> > > > idea that "if the firewall blocks it, the app breaks, so it's
> > > > the
> > > >
John Harris wrote:
> Consider this. Our default ssh config, under your firewall config, would
> allow
> any system on any network your system is connected to to break in.
Only if you have chosen a worthless passphrase. Fedora's default SSHD
configuration – on those spins where SS
On Tuesday, August 27, 2019 10:03:51 PM MST Chris Murphy wrote:
> https://fedoraproject.org/wiki/Workstation/Technical_Specification
>
> The discussion and decision to not include firewall-config (GUI
> configuration application for firewalld) by default, five years
On Tue, 2019-08-27 at 17:11 -0700, John Harris wrote:
> Workstation ships with sshd enabled by default, unless something has changed.
It doesn't. This was definitely a conscious decision related to the
firewall policy. See
/usr/lib/systemd/system-preset/80-workstation.preset , where
art, but in full?
https://fedoraproject.org/wiki/Workstation/Technical_Specification
The discussion and decision to not include firewall-config (GUI
configuration application for firewalld) by default, five years ago
https://lists.fedoraproject.org/archives/list/desk...@lists.
ra-release/blob/f23/f/fedora-release.spec
>
> The Workstation technical specification document says in part:
Where is the full technical specification document, so one can read it
not in part, but in full?
>
> A firewall in its default configuration may not interfere with the
>
idered the graphical tool the main way
of interacting with the firewall, and it was the cli tool that came
later, yet as far as I recall, Workstation never shipped with this GUI
tool.
The package is firewall-config. On XFCE, App menu -> Administration ->
Firewall. Perfectly normal gr
o.
* Fri Mar 13 2015 Dennis Gilmore - 23-0.4
- add preset file for workstation to disable sshd
https://src.fedoraproject.org/rpms/fedora-release/blob/f23/f/fedora-release.spec
The Workstation technical specification document says in part:
A firewall in its default configuration may not interfere w
On Tuesday, August 27, 2019 5:15:52 PM MST Chris Murphy wrote:
> > > That actually isn't clear at all. And I am the end user and sysadmin.
> > > I'm at home, I have my own AP, but none of the equipment is under my
> > > direct control, it's centrally managed by a company I don't even pay.
> > > So,
t; > Case 4: "Developer in a Large Organization"
> >
> >
> >
> > Are those people we believe do not understand the concepts associated
> > with firewalls?
>
>
> This is exactly what I was alluding to upthread with "developers are a
> larg
> > That actually isn't clear at all. And I am the end user and sysadmin.
> > I'm at home, I have my own AP, but none of the equipment is under my
> > direct control, it's centrally managed by a company I don't even pay.
> > So, is it trustworthy? Maybe. Maybe not. I have no practical way of
> > kn
t;>> On Tue, Aug 27, 2019 at 4:22 AM, John Harris
> >>> wrote:
> >>>
> >>>> No, that is not how this works, at all. First, let's go ahead and
> >>>> address the
> >>>> idea that "if the firewall blocks it, the ap
do.
>
>
> Difficult to run real software ... I don't understand what that means
> or how it manifests. I run all kinds of real software on macOS and it
> works fine.
>
>
> > This sounds like a misunderstanding as to what firewalls, and the various
> > types of fire
On Tue, Aug 27, 2019 at 5:30 PM John Harris wrote:
>
> On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote:
> > The firewall on macOS is disabled by default. Therefore I can't agree
> > with any assessment that Fedora Workstation is, on this point alone,
> &g
n't bind
> anything by default, which we do.
Difficult to run real software ... I don't understand what that means
or how it manifests. I run all kinds of real software on macOS and it
works fine.
> This sounds like a misunderstanding as to what firewalls, and the various
> type
This is exactly what I was alluding to upthread with "developers are a
large target audience, in particular for Workstation"
They're clearly safer with FedoraWorkstation zone (default) enabled
than with the firewall disabled. I can't estimate how much safer.
I definitely do no
s the
idea that "if the firewall blocks it, the app breaks, so it's the
firewall's
fault": It's not. If the firewall has not been opened, that just
means it
can't be accessed by remote systems until you EXPLICITLY open that
port, with
the correct protocol, on your fir
MacOS has firewall disabled by default on every iteration.
Luya
On 2019-08-27 4:23 p.m., John Harris wrote:
> On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: >> On Tue, Aug
> 27, 2019 at 6:22 AM Neal Gompa
wrote: >> >>> >>> >>> T
On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote:
> The firewall on macOS is disabled by default. Therefore I can't agree
> with any assessment that Fedora Workstation is, on this point alone,
> in some sort of vulnerable state outside that of macOS.
Talked to a cowo
On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote:
> On Tue, Aug 27, 2019 at 6:22 AM Neal Gompa wrote:
>
> >
> >
> > The other major non-Linux operating systems do. Both Microsoft Windows
> > and Apple macOS ship with active firewalls by default.
&g
ne that connection to the public zone.
> >
>
> Yeah, the WIFI case can be as simple as that: let the use choose the
> default zone. Public means closed firewall, otherwise the workstation
> zone can be as it is now. This protects the user from big mistakes as
> unintend
1 - 100 of 920 matches
Mail list logo
