On 4/28/25 3:59 AM, Barry Scott wrote:
On 28 Apr 2025, at 04:44, home user <mattis...@comcast.net> wrote:
What I get:
# firewall-cmd --list-all
FedoraWorkstation (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: eno1
sources:
services: dhcpv6-client samba-client ssh
ports: 1025-65535/udp 1025-65535/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
#
Ok you are open to the internet if you are running services that
listening on the open ports.
You need to set the zone to a less open zone, public was suggested,
or edit FedoraWorkstation to remove the open ports.
There was a big discussion when that policy was created for the
workstation install. All system services are below 1025. The higher
ports were left open deliberately to allow user applications to be able
to listen if necessary. But as you say, there are other policies if you
really want to block them all.
--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
