On Sun, Jul 28, 2024 at 8:40 AM Chuck Anderson <c...@fea.st> wrote:
>
> On Sun, Jul 28, 2024 at 12:49:51PM GMT, Arthur Bols via devel wrote:
> > Sure. But why do those ports need to be open by default at all? What is
> > the benefit of adding those extra 2 lines? Does it enhance user
> > friendliness? I doubt it, as users will still need to open ports for
> > e.g. slp or mdns. What it does is put users at risk.
>
> dhcpv6-client, samba-client, and ssh are opened by default.  Perhaps
> mdns should be added to this list.
>
> > I wouldn't have this conversation if we had no firewall rules like Arch
> > or Debian, but we do. We even go as far as install and enable Firewalld
> > by default. As far as I know Fedora is positioning itself as a
> > beginner-friendly Linux distro, thus we should strive to protect users.
> > Enabling a firewall that blocks traffic up to port 1024 is strange and
> > confusing, especially for security-minded beginners.
>
> Historically, "privileged services" run on ports 0-1024.  The idea was
> to protect those privileged services, while keeping 1025-65535 open
> for developers to develop applications using those ports.

Unfortunately nowadays privileged production-grade services run by
default on ports above 1024, so the distinction is somewhat
meaningless. :(



-- 
真実はいつも一つ!/ Always, there's only one truth!
-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org