home user via users <users@lists.fedoraproject.org> wrote:
> > # firewall-cmd --list-all
> > FedoraWorkstation (default, active)
> >  target: default
> >  ingress-priority: 0
> >  egress-priority: 0
> >  icmp-block-inversion: no
> >  interfaces: eno1
> >  sources:
> >  services: dhcpv6-client samba-client ssh
> >  ports: 1025-65535/udp 1025-65535/tcp
> >  protocols:
> >  forward: yes
> >  masquerade: no
> >  forward-ports:
> >  source-ports:
> >  icmp-blocks:
> >  rich rules:
> > #

Jonathan Billings:
> Let me get this straight….
> 
> You’ve posted both your user’s and root’s hashed passwords to a
> public list, AND mentioned that you’ve got ssh open to the world. I
> imagine your email headers probably also have your IP. 
> Well…

Hmm, I hadn't noticed that he'd posted that password info, I just
glossed over that post, though I do wonder how useful it actually is. 
But, fair enough, he should change it, I'm assuming he didn't just fake
a hash for the post.  If I had to post some example like that I'd just
finger-dance random keys over the keyboard to fake one.

I was under the impression that they wouldn't have SSH running, though,
as it's a service that usually wasn't on by default.  And their list of
listening services confirmed it wasn't.  A firewall list saying *that*
port isn't blocked doesn't mean there's a service listening.  Though I
would have hoped the default firewall options would have blocked that
service.

I can't say I was that impressed by Fedora's firewall back when I was
on dial-up (many years ago) and the internet had a direct connection to
me.  The default rule was accept rather than block.  I used to have a
script for my firewall, it set the defaults to block, then poked some
specific allows through to suit my needs.  Any time I wanted to change
something, I edited the script and re-ran it.  I could understand it,
and was going to get consistent results from my script being applied.

Looking at the current configurators for the firewall does present a
bewildering list of options, and the help webpages for the firewall are
quite academic.

There's probably an argument for one of those wizard-style
configurators for setting up your firewall.  It would do a quick
assessment of the services you have running, with some *explained*
suggestions for some ports you might want to open, and ones you
probably want closed.

-- 
 
uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
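
The distinction drawn in the message above, between a port the zone accepts and a service actually listening on it, as an added example that is not part of the original message: it cross-checks the `services` and `ports` lines of the quoted zone against a constructed `ss -H -tuln` listing. The service-to-port table is an assumption based on the usual firewalld service definitions.

```python
# Zone lines quoted in the thread (from `firewall-cmd --list-all`).
ZONE = """FedoraWorkstation (default, active)
  services: dhcpv6-client samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp"""
# Constructed sample of `ss -H -tuln` output; not taken from the thread.
SS = """udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*"""
# Assumed port numbers for the named services (usual firewalld definitions).
SERVICE_PORTS = {"ssh": [(22, "tcp")], "dhcpv6-client": [(546, "udp")],
                 "samba-client": [(137, "udp"), (138, "udp")]}
def zone_field(zone_text, key):
    """Values of one 'key: ...' line in the zone listing."""
    for line in zone_text.splitlines():
        k, _, v = line.strip().partition(":")
        if k == key:
            return v.split()
    return []

def allowed_ranges(zone_text):
    """(low, high, proto) for every port the zone accepts."""
    out = []
    for item in zone_field(zone_text, "ports"):
        span, proto = item.split("/")
        lo, _, hi = span.partition("-")
        out.append((int(lo), int(hi or lo), proto))
    for svc in zone_field(zone_text, "services"):
        out += [(p, p, pr) for p, pr in SERVICE_PORTS.get(svc, [])]
    return out

def listeners(ss_text):
    """(port, proto) of each listening socket not bound to loopback."""
    found = set()
    for f in filter(None, map(str.split, ss_text.splitlines())):
        addr, _, port = f[4].rpartition(":")
        if not (addr.startswith("127.") or addr == "[::1]"):
            found.add((int(port), f[0]))
    return found

def exposed(zone_text, ss_text):
    """Listening sockets the zone lets traffic reach."""
    rules = allowed_ranges(zone_text)
    return sorted(s for s in listeners(ss_text)
                  if any(lo <= s[0] <= hi and s[1] == pr for lo, hi, pr in rules))

def open_but_idle(zone_text, ss_text):
    """Allowed services with nothing listening on their ports."""
    live = listeners(ss_text)
    return sorted(v for v in zone_field(zone_text, "services")
                  if not any(p in live for p in SERVICE_PORTS.get(v, [])))
```

On a live host, the two inputs would come from `firewall-cmd --list-all` and `ss -H -tuln` run as root.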
 
