Re: Could we have Portmaster (an open source application firewall)?

2022-11-01 Thread Richard Shaw
On Tue, Nov 1, 2022 at 10:26 AM Ben Beasley wrote: > I haven’t looked deeply into Portmaster, but in general: > To add to Ben's nice summary, I'm potentially interested but TBH I have two $DAYJOBS and have never packaged a GO project to date. Hopefully someone else will chime in? Thanks,

Re: Could we have Portmaster (an open source application firewall)?

2022-11-01 Thread Ben Beasley
Packaging Guidelines, and if there is someone who has the time and interest to package and maintain it in Fedora, then it would of course be a welcome addition. – Ben Beasley (FAS music) On Tue, Nov 1, 2022, at 6:42 AM, martin luther wrote: > https://github.com/safing/portmaster > it is a firewa

Could we have Portmaster (an open source application firewall)?

2022-11-01 Thread martin luther
https://github.com/safing/portmaster it is a firewall app with nice gui just like glasswire but it is opensource with some vpn features also hence it can be included they provide a .rpm app so it can easily published in fedora repo https://updates.safing.io/latest/linux_amd64/packages/portmaster

Re: Fedora Workstation and disabled by default firewall

2019-09-04 Thread Nico Kadel-Garcia
handle this: > > 1. have every app bind to null, and hope the firewall filters out > dangerous accesses. You'll get a *lot* of app collisions, because every > app will fight for 443 ownership. And as soon as the firewall is down, > the king has no clothes. > > 2. have every app bin

Re: Fedora Workstation and disabled by default firewall

2019-09-04 Thread Nicolas Mailhot via devel
via vlans, binding, teaming, etc). Having every single networked app handle dynamic network changes on its own does not scale. There are not so many ways to handle this: 1. have every app bind to null, and hope the firewall filters out dangerous accesses. You'll get a *lot* of app collisions

Re: Fedora Workstation and disabled by default firewall

2019-09-03 Thread Kyle Marek
ption on ports. So, while the software may be open to all > ports > because of the code itself, that is often not the intention. Many programs > just bind all interfaces, and expect that you'll configure your firewall to > whatever should be able to access the network service it's

Re: Fedora Workstation and disabled by default firewall

2019-09-02 Thread Christopher
On Tue, Sep 3, 2019 at 12:26 AM John Harris wrote: > There is not a single service in Fedora that is broken by the firewall > running. You simply have to open the port before it can be accessed from a > remote system, which is by design. Basic access control, a security feature.

Re: Fedora Workstation and disabled by default firewall

2019-09-02 Thread John Harris
expected to result in the service > being up and running. If you 'systemctl start' your service and the > firewall breaks it, that's just annoying. > > Michael There is not a single service in Fedora that is broken by the firewall running. You simply have to open the port before it can

Re: Fedora Workstation and disabled by default firewall

2019-09-02 Thread Sheogorath via devel
is works, at all. First, let's go ahead and >>>> address the >>>> idea that "if the firewall blocks it, the app breaks, so it's the >>>> firewall's >>>> fault": It's not. If the firewall has not been opened, that just >>>> means

Re: Fedora Workstation and disabled by default firewall

2019-09-02 Thread Sheogorath via devel
> >>>> >>>> Well the thing is, blocking ports tends to break applications that want >>>> to use those ports. We're not going to do that, period. It also doesn't >>>> really accomplish anything: either your app or service needs network >>>> access

Re: Fedora Workstation and disabled by default firewall

2019-09-01 Thread Nico Kadel-Garcia
ba, > > or Tomcat, Jenkins, or anything else. > > Well that's why installed network services are disabled by default in > Fedora, unless the package receives an exception from FESCo. This isn't > Debian where installing a package is expected to result in the service > being

Re: Fedora Workstation and disabled by default firewall

2019-09-01 Thread mcatanzaro
in Fedora, unless the package receives an exception from FESCo. This isn't Debian where installing a package is expected to result in the service being up and running. If you 'systemctl start' your service and the firewall breaks it, that's just annoying. Michael

Re: Fedora Workstation and disabled by default firewall

2019-08-31 Thread Nico Kadel-Garcia
On Sat, Aug 31, 2019 at 7:04 PM John Harris wrote: > > On Friday, August 30, 2019 5:16:25 AM MST Nico Kadel-Garcia wrote: > > > On Aug 29, 2019, at 9:41 PM, John Harris wrote: > > > > > > > > >> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote: > > >> I would agree, but people do

Re: Fedora Workstation and disabled by default firewall

2019-08-31 Thread John Harris
On Friday, August 30, 2019 5:16:25 AM MST Nico Kadel-Garcia wrote: > > On Aug 29, 2019, at 9:41 PM, John Harris wrote: > > > > > >> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote: > >> I would agree, but people do install multiple desktops after installing > >> a > >> spin. Such a

Re: Fedora Workstation and disabled by default firewall

2019-08-31 Thread John Harris
> > The potential compromise I see might involve exposing firewall zones in > some well-considered and thoughtful way, including a rethink of what is > blocked and allowed by the zones, and an understanding of what the goal > of having each zone is. That would have to be done in both gn

Re: Fedora Workstation and disabled by default firewall

2019-08-31 Thread John Harris
t bind all interfaces, and expect that you'll configure your firewall to whatever should be able to access the network service it's serving. Programs that don't intend to listen on every interface generally don't bind only to one interface, though they should. Especially not proprietary softwa

Re: Fedora Workstation and disabled by default firewall

2019-08-30 Thread mcatanzaro
be implemented without much complexity, though. Thank you for giving the idea at least a little consideration, though, and not outright dismissing it. The potential compromise I see might involve exposing firewall zones in some well-considered and thoughtful way, including a rethink of what is blocked

Re: Fedora Workstation and disabled by default firewall

2019-08-30 Thread mcatanzaro
If anybody with a good memory or interest in thread archaeology wants to investigate, I believe there was actually some problem with some specific tools used by web developers that were broken by the previous firewall configuration. Michael

Re: Fedora Workstation and disabled by default firewall

2019-08-30 Thread Matthew Miller
On Thu, Aug 29, 2019 at 06:54:48PM -0700, John Harris wrote: > Workstation is only the primary product because somebody decided GNOME was > the best default. This should be reconsidered, so that the various Spins, This is backwards. We (the Fedora Board) at the time, asked for a team to develop

Re: Fedora Workstation and disabled by default firewall

2019-08-30 Thread Nico Kadel-Garcia
> On Aug 29, 2019, at 9:41 PM, John Harris wrote: > >> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote: >> I would agree, but people do install multiple desktops after installing a >> spin. Such a use case needs to be considered (not sure if it matters, >> though). > > This is

Re: Fedora Workstation and disabled by default firewall

2019-08-30 Thread Björn Persson
John Harris wrote: > Thing is, binding a port and expecting it to be open to every network > interface you've got are two very different things. Once again John Harris is completely wrong. The bind system call is precisely how a program specifies which network interfaces it wants to open a

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
On Thursday, August 29, 2019 3:50:19 AM MST Iñaki Ucar wrote: > Responding to the first message because I'm not interested in further > discussion. It's clear to me that there will be no agreement in this > matter unless there are reasonable potential alternatives. Therefore, > this message is

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
On Thursday, August 29, 2019 1:11:02 PM MST Chris Murphy wrote: > On Thu, Aug 29, 2019 at 12:24 AM Chris Murphy > wrote: > > > > > > Debian has a permissive firewall > > https://wiki.debian.org/DebianFirewall > > > And Ubuntu, Mint, elementary, MX Linux, S

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
really accomplish anything: either your app or service needs network > > access and you have whitelisted it (in which case the firewall provides > > no security), or it needs network access and you have not whitelisted > > it (in which case your firewall breaks your app/service).

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
On Thursday, August 29, 2019 5:29:32 PM MST Christopher wrote: > Workstation is the primary product. Some choose that not for GNOME... > but because they want to start with the most base product and > customize from there. If you start with a Spin, you may get something > pre-configured in a very

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
> >>> It might be okay to be a GNOME-specific thing, as that's the only spin > >>> of > >>> Fedora which is affected by this decision. > >>> > >>> > >>> > >> The default firewall config affects every user of that edition,

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote: > I would agree, but people do install multiple desktops after installing a > spin. Such a use case needs to be considered (not sure if it matters, > though). This is definitely not the ideal scenario, especially not from the case of the

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Christopher
ic thing, as that's the only spin of > >>> Fedora which is affected by this decision. > >>> > >> The default firewall config affects every user of that edition, even > >> if they never use GNOME (or even use graphical boot). So, I don't know > >> i

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Christopher
On Thu, Aug 29, 2019 at 4:12 PM Chris Murphy wrote: > > On Thu, Aug 29, 2019 at 12:24 AM Chris Murphy wrote: > > > > Debian has a permissive firewall > > https://wiki.debian.org/DebianFirewall > > And Ubuntu, Mint, elementary, MX Linux, Solus, pop!_OS, as well. By

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Chris Murphy
On Thu, Aug 29, 2019 at 12:24 AM Chris Murphy wrote: > > Debian has a permissive firewall > https://wiki.debian.org/DebianFirewall And Ubuntu, Mint, elementary, MX Linux, Solus, pop!_OS, as well. By permissive, they all accept everything. Nothing is rejected or dropped. Mageia, and op

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Japheth Cleaver
On 8/29/2019 8:10 AM, Adam Williamson wrote: On Wed, 2019-08-28 at 23:13 -0400, Christopher wrote: On Wed, Aug 28, 2019 at 8:56 PM John Harris wrote: It might be okay to be a GNOME-specific thing, as that's the only spin of Fedora which is affected by this decision. The default firewall

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Christophe de Dinechin
it (in which case the firewall provides > no security), or it needs network access and you have not whitelisted > it (in which case your firewall breaks your app/service). In no case > does it increase your security without breaking your app, right? Unless > you have malware installed

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Dan Book
p. > > > > > > It might be okay to be a GNOME-specific thing, as that's the only spin > of > > > Fedora which is affected by this decision. > > > > > > > The default firewall config affects every user of that edition, even > > if they never use GNOME (or eve

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Adam Williamson
a dialogue as a "first-boot" action, but that seems like it'd > > > be a very GNOME-specific thing, and firewalld is not specific to the > > > WM/Desktop. > > > > It might be okay to be a GNOME-specific thing, as that's the only spin of > > Fedora which is

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Iñaki Ucar
get accepted and implemented, we could eventually bring back this discussion and reach some consensus. Iñaki On Mon, 26 Aug 2019 at 14:40, Vitaly Zaitsev via devel wrote: > > Hello all. > > Is it okay that firewall is completely disabled by default (opened all > ports 1025-6

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread Chris Murphy
Debian has a permissive firewall https://wiki.debian.org/DebianFirewall ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en

Re: Fedora Workstation and disabled by default firewall

2019-08-29 Thread John Harris
nstallations and configuration using the same Workstation > ISO, and you can also just open a new TTY (e.g. Ctrl+Alt+F3), > customize your system, and reboot without ever logging in to GNOME. I don't know how that would possibly pull in the GNOME Spin's firewall config, if you select a diff

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Christopher
tion > > Edition issue with /etc/firewalld/firewalld.conf's DefaultZone option. > > How is that possible? The workstation installer installs GNOME, right? Can you > select something else in those ISOs' Anaconda config? If so, why would it > still pull in GNOME's firewall zone? [SNIP] We'r

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
ible? The workstation installer installs GNOME, right? Can you select something else in those ISOs' Anaconda config? If so, why would it still pull in GNOME's firewall zone? > Funny, the FedoraServer.xml file still has a description "For use in > public areas" while FedoraWork

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Christopher
On Wed, Aug 28, 2019 at 11:23 PM John Harris wrote: > > On Wednesday, August 28, 2019 8:13:59 PM MST Christopher wrote: > > The default firewall config affects every user of that edition, even > > if they never use GNOME (or even use graphical boot). So, I don't know > > i

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Wednesday, August 28, 2019 8:13:59 PM MST Christopher wrote: > The default firewall config affects every user of that edition, even > if they never use GNOME (or even use graphical boot). So, I don't know > if this would be adequate. This only affects GNOME users. Workstation = G

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Christopher
> > be a very GNOME-specific thing, and firewalld is not specific to the > > WM/Desktop. > > It might be okay to be a GNOME-specific thing, as that's the only spin of > Fedora which is affected by this decision. > The default firewall config affects every user of tha

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread James Cassell
On Wed, Aug 28, 2019, at 8:59 PM, John Harris wrote: > On Wednesday, August 28, 2019 1:35:32 PM MST Colin Walters wrote: > > FWIW, > > > > For Fedora CoreOS we don't enable a firewall by default; see > > https://github.com/coreos/fedora-coreos-tracker/issues/26 >

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Wednesday, August 28, 2019 1:35:32 PM MST Colin Walters wrote: > FWIW, > > For Fedora CoreOS we don't enable a firewall by default; see > https://github.com/coreos/fedora-coreos-tracker/issues/26 > > (Neither for that matter does Fedora Cloud: > https://pagure.io/f

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Wednesday, August 28, 2019 5:46:58 PM MST Christopher wrote: > A similar idea that would keep it separate from the installer might be > to offer a dialogue as a "first-boot" action, but that seems like it'd > be a very GNOME-specific thing, and firewalld is not specific to the > WM/Desktop. It

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
t related to the firewall, though they may include changes to the firewall (and blacklisting packages, etc). That's something much better suited for RHEL and CentOS though. Firewalls are useful everywhere. > Again, hyperbole, that cannot be taken seriously, because it does not > withstan

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Christopher
eature that was rejected by FESCo > https://fedoraproject.org/wiki/Changes/SecurityPolicyInTheInstaller > https://lists.fedoraproject.org/pipermail/devel/2014-March/19.html I think the fact that the Workstation WG's proceeded with an effectively disabled firewall after FESCo rejected

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Wednesday, August 28, 2019 12:59:17 PM MST Christopher wrote: > Yeah, obviously that would be bad. Please don't simply dismiss a > serious suggestion, because it would be bad in other scenarios or if > taken to the extreme. This is one specific suggestion, not a proposal > to accept all similar

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
ous working group misunderstand something previously? It seems so. > Has new information come to light? Yes, more people have realized what was done by the GNOME spin. > Has the GUI firewall app made UI/Ux improvements that might sway the > working group to re-evaluate? Possibly, but that doesn

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Wednesday, August 28, 2019 9:05:00 AM MST Tony Nelson wrote: > Properly packaged Fedora software uses either the D-Bus interface > at runtime or firewall-cmd in a scriptlet at install time to open any > needed ports This is not actually the case. No software, to my knowled

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Chris Murphy
On Wed, Aug 28, 2019 at 12:57 PM Christopher wrote: > > At the very least, it'd be nice if anaconda had an option to select > the default firewalld zone during installation, A somewhat related feature that was rejected by FESCo https://fedoraproject.org/wiki/Changes/SecurityPolicyInTheInstaller

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Colin Walters
FWIW, For Fedora CoreOS we don't enable a firewall by default; see https://github.com/coreos/fedora-coreos-tracker/issues/26 (Neither for that matter does Fedora Cloud: https://pagure.io/fedora-kickstarts/blob/master/f/fedora-cloud-base.ks#_36

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Dan Book
On Wed, Aug 28, 2019 at 4:27 PM Adam Williamson wrote: > That is talking about the whole idea that having a firewall enabled by > default is not as important if there are no listening services by > default; at that point you can make the argument that installing a > service

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Adam Williamson
the Workstation WG to properly research and > develop a sensible firewall solution and will stay out of the way. (+5, > 3, -0) (sgallagh, 18:40:04) > """ > > <https://pagure.io/fesco/issue/1372#comment-27998> > > It reads to me like an affirmation of

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Christopher
t has been explicitly stated in this thread that they have never had > any intention of doing anything further, even though that was FESCo's clear > expectation. > > > In January 2015, FESCo said: > > """ > AGREED: FESCo trusts the Workstation WG to properly resear

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread mcatanzaro
of doing anything further, even though that was FESCo's clear expectation. In January 2015, FESCo said: """ AGREED: FESCo trusts the Workstation WG to properly research and develop a sensible firewall solution and will stay out of the way. (+5, 3, -0) (sgallagh, 18:40:0

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Christopher
On Wed, Aug 28, 2019 at 1:01 PM Chris Murphy wrote: > > On Wed, Aug 28, 2019 at 9:36 AM John Harris wrote: > > > Essentially disabling the firewall falls under having a "bad design for > > everyone else". Disabling the firewall is something that could be con

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Chris Murphy
On Wed, Aug 28, 2019 at 9:36 AM John Harris wrote: > Essentially disabling the firewall falls under having a "bad design for > everyone else". Disabling the firewall is something that could be considered > hostile to the user. This is hyperbole, and turning up the volume

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Tony Nelson
document, so one can read it > not in part, but in full? https://fedoraproject.org/wiki/Workstation/Technical_Specification The discussion and decision to not include firewall-config (GUI configuration application for firewalld) by default, five years ago https://lists.fedoraprojec

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Wednesday, August 28, 2019 2:45:37 AM MST Björn Persson wrote: > If an attacker guesses your passphrase, then it's your weak passphrase > that allows them to break in. No. Having it wide open to the network means it can be broken, even through brute force if necessary. > (That said, I'd be

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
> > > > > On Tue, Aug 27, 2019 at 4:22 AM, John Harris < > > > > joh...@splentity.com> > > > > wrote: > > > > > > > > > No, that is not how this works, at all. First, let's go ahead > > > > > and > >

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Jiri Eischmann
t; > wrote: > > > > No, that is not how this works, at all. First, let's go ahead > > > > and > > > > address the > > > > idea that "if the firewall blocks it, the app breaks, so it's > > > > the > > > > firew

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Björn Persson
John Harris wrote: > Consider this. Our default ssh config, under your firewall config, would > allow > any system on any network your system is connected to to break in. Only if you have chosen a worthless passphrase. Fedora's default SSHD configuration – on those spins where SSHD is

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread John Harris
On Tuesday, August 27, 2019 10:03:51 PM MST Chris Murphy wrote: > https://fedoraproject.org/wiki/Workstation/Technical_Specification > > The discussion and decision to not include firewall-config (GUI > configuration application for firewalld) by default, five years

Re: Fedora Workstation and disabled by default firewall

2019-08-28 Thread Adam Williamson
On Tue, 2019-08-27 at 17:11 -0700, John Harris wrote: > Workstation ships with sshd enabled by default, unless something has changed. It doesn't. This was definitely a conscious decision related to the firewall policy. See /usr/lib/systemd/system-preset/80-workstation.preset , where s

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
art, but in full? https://fedoraproject.org/wiki/Workstation/Technical_Specification The discussion and decision to not include firewall-config (GUI configuration application for firewalld) by default, five years ago https://lists.fedoraproject.org/archives/list/desk...@lists.

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Christopher
f/fedora-release.spec > > The Workstation technical specification document says in part: Where is the full technical specification document, so one can read it not in part, but in full? > > A firewall in its default configuration may not interfere with the > normal operation of

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Tony Nelson
the graphical tool the main way of interacting with the firewall, and it was the cli tool that came later, yet as far as I recall, Workstation never shipped with this GUI tool. The package is firewall-config. On XFCE, App menu -> Administration -> Firewall. Perfectly normal graphical fi

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
2015 Dennis Gilmore - 23-0.4 - add preset file for workstation to disable sshd https://src.fedoraproject.org/rpms/fedora-release/blob/f23/f/fedora-release.spec The Workstation technical specification document says in part: A firewall in its default configuration may not interfere with the norm

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
On Tuesday, August 27, 2019 5:15:52 PM MST Chris Murphy wrote: > > > That actually isn't clear at all. And I am the end user and sysadmin. > > > I'm at home, I have my own AP, but none of the equipment is under my > > > direct control, it's centrally managed by a company I don't even pay. > > >

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
> > > Case 4: "Developer in a Large Organization" > > > > > > > > Are those people we believe do not understand the concepts associated > > with firewalls? > > > This is exactly what I was alluding to upthread with "developers are a > larg

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
> > That actually isn't clear at all. And I am the end user and sysadmin. > > I'm at home, I have my own AP, but none of the equipment is under my > > direct control, it's centrally managed by a company I don't even pay. > > So, is it trustworthy? Maybe. Maybe not. I have no practical way of > >

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
t;>> On Tue, Aug 27, 2019 at 4:22 AM, John Harris > >>> wrote: > >>> > >>>> No, that is not how this works, at all. First, let's go ahead and > >>>> address the > >>>> idea that "if the firewall blocks it, the app

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
nderstand what that means > or how it manifests. I run all kinds of real software on macOS and it > works fine. > > > > This sounds like a misunderstanding as to what firewalls, and the various > > types of firewalls, are. By default, Fedora uses firewalld, which is not > >

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
On Tue, Aug 27, 2019 at 5:30 PM John Harris wrote: > > On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: > > The firewall on macOS is disabled by default. Therefore I can't agree > > with any assessment that Fedora Workstation is, on this point alone, > > in

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
o run real software ... I don't understand what that means or how it manifests. I run all kinds of real software on macOS and it works fine. > This sounds like a misunderstanding as to what firewalls, and the various > types of firewalls, are. By default, Fedora uses firewalld, which is

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
This is exactly what I was alluding to upthread with "developers are a large target audience, in particular for Workstation" They're clearly safer with FedoraWorkstation zone (default) enabled than with the firewall disabled. I can't estimate how much safer. I definitely do not want to

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Japheth Cleaver
the idea that "if the firewall blocks it, the app breaks, so it's the firewall's fault": It's not. If the firewall has not been opened, that just means it can't be accessed by remote systems until you EXPLICITLY open that port, with the correct protocol, on your firewall. That's FINE. That'

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Luya Tshimbalanga
MacOS has firewall disabled by default on every iteration. Luya On 2019-08-27 4:23 p.m., John Harris wrote: > On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: >> On Tue, Aug > 27, 2019 at 6:22 AM Neal Gompa wrote: >> >>> >>> >>> T

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: > The firewall on macOS is disabled by default. Therefore I can't agree > with any assessment that Fedora Workstation is, on this point alone, > in some sort of vulnerable state outside that of macOS. Talked to a cowo

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
On Tuesday, August 27, 2019 8:23:01 AM MST Chris Murphy wrote: > On Tue, Aug 27, 2019 at 6:22 AM Neal Gompa wrote: > > > > > > > The other major non-Linux operating systems do. Both Microsoft Windows > > and Apple macOS ship with active firewalls by default.

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
nfine that connection to the public zone. > > > > Yeah, the WIFI case can be as simple as that: let the user choose the > default zone. Public means closed firewall, otherwise the workstation > zone can be as it is now. This protects the user from big mistakes as > unintend

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
ecks are usually done by > firewalls, hence my emphasis on making sure users don't start to disable > the whole firewall because it is "easier". Well, some of the IP header checks are done in the kernel, before they get to the firewall module(s) firewalld uses under the hood (I a

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
ssume that it's > > > malicious. > > > You executed untrusted code. It's already past your firewall. Game > > > over, > > > you're infected. You're closing the stable door after the horse has > > > bolted. > > > > > > > > Any a

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
I'm not sure why this isn't clear, but the examples that I provided are far from the only aspects, and I notice you're only addressing the ones that require the user to manually run something. Consider this. Our default ssh config, under your firewall config, would allow any system on any

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Adam Williamson
> > address the > > > idea that "if the firewall blocks it, the app breaks, so it's the > > > firewall's > > > fault": It's not. If the firewall has not been opened, that just > > > means it > > > can't be accessed by remote systems until you EXPLICIT

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
t come from, what exactly happens > > >> by accident, and how would a packet filter stop it? > > > > > >It could come from anywhere, that's not the point. A *firewall* would stop > > >it from doing anything too harmful: Opening up the system to the world by > &

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
would a packet filter stop it? > > > >It could come from anywhere, that's not the point. A *firewall* would stop > >it from doing anything too harmful: Opening up the system to the world by > >binding a port, or listening on a UDP port. > > If it could come from anywhere, then we

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Stephen John Smoogen
On Tue, 27 Aug 2019 at 13:01, Vitaly Zaitsev via devel wrote: > > On 27.08.2019 18:14, Björn Persson wrote: > > If it could come from anywhere, then we must assume that it's malicious. > > You executed untrusted code. It's already past your firewall. Game over, > > you're

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Vitaly Zaitsev via devel
On 27.08.2019 18:14, Björn Persson wrote: > If it could come from anywhere, then we must assume that it's malicious. > You executed untrusted code. It's already past your firewall. Game over, > you're infected. You're closing the stable door after the horse has > bolted. Any applica

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread David Kaufmann
, and >> software not run/installed via package manager will give the impression >> of "just not working". > > Why in the world would somebody from the security team recommend opening a > port on the firewall as the software is installed, before it's even > config

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Björn Persson
John Harris wrote: >On Tuesday, August 27, 2019 5:36:20 AM MST Björn Persson wrote: >> Please elaborate. Where does the script come from, what exactly happens >> by accident, and how would a packet filter stop it? > >It could come from anywhere, that's not the point. A

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Artem Tim
For those who can't change their default zone in the firewall after installing Fedora Workstation, completely blocking all ports may result in worse things, like completely turning off the firewall, because they can't run their online video games, for example, and someone always advised them to do this. We

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Chris Murphy
On Tue, Aug 27, 2019 at 6:22 AM Neal Gompa wrote: > > The other major non-Linux operating systems do. Both Microsoft Windows > and Apple macOS ship with active firewalls by default. The firewall on macOS is disabled by default. Therefore I can't agree with any assessment that Fedora Wo

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Jiri Eischmann
Iñaki Ucar wrote on Tue, 27 Aug 2019 at 16:17 +0200: > On Tue, 27 Aug 2019 at 14:20, wrote: > > The main competitor of Fedora Workstation is Ubuntu. Ubuntu ships > > without a firewall enabled and nobody considers this a critical > > vulnerability. Now: why is that...? >

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Louis Lagendijk
use you trust them. As I proposed on another email, bring > back the NetworkManager zones UI to GNOME Settings, simplified with > being an option to confine that connection to the public zone. > Yeah, the WIFI case can be as simple as that: let the user choose the default zone. Public

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Iñaki Ucar
e resources, yes or no, that's it. If you click "no" or just ignore that and close the networking applet, the default is "public", and the firewall is closed. At any point, if you go back to the networking applet in the task bar, you see "disconnect" and a "

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread John Harris
>> > >>> On Tue, Aug 27, 2019 at 2:37 PM, Iñaki Ucar > >>> wrote: > >> > >> > >> > >>>> There's no need to write "a new style of firewall". It would be as > >>>> easy as asking the user once whethe

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Iñaki Ucar
On Tue, 27 Aug 2019 at 14:20, wrote: > > The main competitor of Fedora Workstation is Ubuntu. Ubuntu ships without a > firewall enabled and nobody considers this a critical vulnerability. Now: why > is that...? 1. Ubuntu Server ships without a firewall enabled. Do you think t

Re: Fedora Workstation and disabled by default firewall

2019-08-27 Thread Robert Marcano
On 8/27/19 10:03 AM, John Harris wrote: On Tuesday, August 27, 2019 5:35:08 AM MST Robert Marcano wrote: On 8/27/19 8:18 AM, mcatanz...@gnome.org wrote: On Tue, Aug 27, 2019 at 2:37 PM, Iñaki Ucar wrote: There's no need to write "a new style of firewall". It would be as easy
