On 2020-02-21 13:34, Samuel Sieb wrote:
> On 2/20/20 7:47 PM, Ed Greshko wrote:
>> Oh, never mind.  Wrong system.  The "default" rules for FedoraWorkstation so
>> seem "odd".
>
> Not really.
>
>> [root@f31m ~]# firewall-cmd --info-zone=FedoraWorkstation
>> FedoraWorkstation
>>   target: default
>>   icmp-block-inversion: no
>>   interfaces:
>>   sources:
>>   services: dhcpv6-client samba-client ssh
>>   ports: 1025-65535/udp 1025-65535/tcp
>
> Any critical system daemons are 1024 and below.  The reason the high ports
> are left open is for user applications to be able to communicate without
> users having to figure out the firewall.

Yeah, which is the reason for quotes around odd.  I understand the
reasoning to make it easier on users.  It is just something I wouldn't
have done.  I can envision someone configuring a service to run on the
higher ports which can be compromised and then disables SELinux because
they run into it trying to protect them.  Maybe I shouldn't pity them.  :-)

-- 
The key to getting good answers is to ask good questions.
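
Added example (not part of the original messages): a small audit that cross-checks the zone's "ports:" line against listening sockets, to show which local services the open 1025-65535 ranges actually expose. The function names and both sample inputs are constructed for illustration; the socket list assumes the column layout of `ss -tuln`.

```python
import ipaddress

# Constructed sample inputs (not captured from a real host).
ZONE_INFO = """\
FedoraWorkstation
  target: default
  services: dhcpv6-client samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
"""
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      128             [::]:9090          [::]:*
tcp   LISTEN 0      128            [::1]:6379          [::]:*
"""

def open_ranges(zone_info):
    """Return {(proto, low, high)} from the 'ports:' line of --info-zone output."""
    ranges = set()
    for line in zone_info.splitlines():
        key, _, value = line.strip().partition(":")
        if key != "ports":          # skips source-ports:, forward-ports:, etc.
            continue
        for spec in value.split():
            span, proto = spec.split("/")
            low, _, high = span.partition("-")
            ranges.add((proto, int(low), int(high or low)))
    return ranges

def exposed_listeners(ss_output, ranges):
    """Return [(proto, addr, port)] for non-loopback listeners inside an open range.

    Ports allowed only through a named service (e.g. ssh) are not reported here.
    """
    hits = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]    # drop IPv6 brackets and %iface
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue                             # not reachable from the network
        if any(p == proto and lo <= int(port) <= hi for p, lo, hi in ranges):
            hits.append((proto, addr, int(port)))
    return hits

if __name__ == "__main__":
    print(exposed_listeners(SS_OUTPUT, open_ranges(ZONE_INFO)))
```

On a real system, feed the functions the output of `firewall-cmd --info-zone=FedoraWorkstation` and `ss -tuln` in place of the constructed strings.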