What was the justification? I can understand not interfering with outbound
ports greater than 1024. However, inbound SYN requests should only be
allowed to specific ports (in some cases, from defined sources). In other
words, enumerate the good and deny by default.
On Dec 9, 2014 9:33 AM, "Jan Rusnacko" <jrusnack(a)redhat.com> wrote:
> Firewalld in F21 workstation will have opened all TCP and UDP ports
> On 12/09/2014 03:28 PM, finid(a)vivaldi.net wrote:
>> I think I missed what the discussion is all about.
>> What is the gist of the "open by default firewall" discussion?
>> On 2014-12-09 08:02, Jan Rusnacko wrote:
>>> Hey guys,
>>> given that there is quite heated discussion about open by default
>>> firewall, is this something we want to contribute to (as a team)? Do
>>> you think we a) can and b) should come up with a statement and join the
>>> discussion?
>>> We started looking into making Fedora more secure with PermitRootLogin
>>> and this case seems similar (though with opposite outcome).
>> security-team mailing list
> Jan Rusnacko, Red Hat Product Security