|
|
Subscribe / Log in / New account

Fedora 21 and its Workstation firewall

Fedora 21 and its Workstation firewall

Posted Dec 19, 2014 0:07 UTC (Fri) by sjj (guest, #2020)
In reply to: Fedora 21 and its Workstation firewall by meyert
Parent article: Fedora 21 and its Workstation firewall

Yes, and I find the "protected by corporate firewall" excuse pretty damn feeble.

- have they actually worked in small/midsize companies and observed security practices? Hint: not great.
- do they ever use their laptop in a coffee shop?
- are there no students using Fedora?
- why should I lower my shields and be vulnerable to my cow-orkers' machines?

to post comments

Fedora 21 and its Workstation firewall

Posted Dec 19, 2014 5:15 UTC (Fri) by mcatanzaro (subscriber, #93033) [Link] (3 responses)

- have they actually worked in small/midsize companies and observed security practices? Hint: not great.

Indeed, but we don't believe the looser firewall is significantly less secure.

- do they ever use their laptop in a coffee shop?

This is why sharing is only enabled on a per-network basis, as mentioned in the article.

- are there no students using Fedora?

Hi, me. Last year, I wasted an hour trying to figure out why my network program worked on other distros but not Fedora. Eventually I realized that the firewall was to blame, but it was a frustrating experience and I was getting ready to give up on Fedora by the end of it. P.S. I'm a Fedora developer, so imagine how well NORMAL students would react to this.

- why should I lower my shields and be vulnerable to my cow-orkers' machines?

Well, as mentioned in the article, no services are listening on these ports by default, so it makes no difference. If you install such a service AND manually enable it (Fedora requires almost all network services to be disabled by default when installed) then you presumably want it to work, no?

Fedora 21 and its Workstation firewall

Posted Dec 23, 2014 3:36 UTC (Tue) by sjj (guest, #2020) [Link] (2 responses)

OK, so I did an upgrade to 21. I can live with it, now that I know about the change. Not that I would have known about it had I only read Fedora 21 release notes.

Seriously, a big change in default security policy, and no mention in the release notes? I searched for "fire" - did I miss it?

Fedora 21 and its Workstation firewall

Posted Dec 23, 2014 4:21 UTC (Tue) by mchapman (subscriber, #66589) [Link] (1 responses)

> OK, so I did an upgrade to 21. I can live with it, now that I know about the change. Not that I would have known about it had I only read Fedora 21 release notes.

It is mentioned at http://docs.fedoraproject.org/en-US/Fedora/21/html/Releas... .

Note also that if you have previously associated a particular firewall zone with your network connections, then those settings will be carried across the upgrade. The new zones are only used for connections that have not had a specific zone set.

In my opinion there is a bug here. The firewalld-config-workstation package (and the corresponding packages for the other Fedora products) will not replace your firewalld.conf, and hence this default zone, upon package upgrades... but the firewalld-config-workstation package is *new*, which means it's not being treated as an upgrade.

Fedora 21 and its Workstation firewall

Posted Dec 23, 2014 20:26 UTC (Tue) by sjj (guest, #2020) [Link]

Thanks, I must have looked in the wrong sections.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds