Hi,
very belated posting... missed all the discussions about the firewall change for product=workstation while on vacation.
How is the KDE spin handling this? Does it inherit all the settings from "workstation"? Will it develop its own default firewall policy?
Richard
--- Name and OpenPGP keys available from pgp key servers
On 08 Mar 2015 15:33, "Richard Z" rz@linux-m68k.org wrote:
Does it inherit all the settings from "workstation"?
No
Richard Z wrote:
How is the KDE spin handling this? Does it inherit all the settings from "workstation"? Will it develop its own default firewall policy?
We inherit the distro-wide "non-product" defaults, which are NOT the same as the "Workstation" defaults. Those "non-product" defaults that we also ship on the KDE Spin are the same as in previous releases: only mDNS is open for incoming connections by default. And of course DHCP, including DHCPv6. (On non-live spins also sshd (incoming SSH), but that gets disabled on the live images, as in the past.) Outgoing ports are all open by default, as they have always been. We do NOT open thousands of incoming ports by default as the GNOME "Workstation" "Product" spin does.
Kevin Kofler
On Mon, Mar 09, 2015 at 11:14:35PM +0100, Kevin Kofler wrote:
Richard Z wrote:
How is the KDE spin handling this? Does it inherit all the settings from "workstation"? Will it develop its own default firewall policy?
We inherit the distro-wide "non-product" defaults, which are NOT the same as the "Workstation" defaults. Those "non-product" defaults that we also ship on the KDE Spin are the same as in previous releases: only mDNS is open for incoming connections by default. And of course DHCP, including DHCPv6. (On non-live spins also sshd (incoming SSH), but that gets disabled on the live images, as in the past.) Outgoing ports are all open by default, as they have always been. We do NOT open thousands of incoming ports by default as the GNOME "Workstation" "Product" spin does.
thanks for the clarification, I am glad KDE has sane defaults.
Richard
--- Name and OpenPGP keys available from pgp key servers
On 11.03.2015 at 16:15, Markus Slopianka wrote:
On Wednesday 11 March 2015 13:08:05 Richard Z wrote:
thanks for the clarification, I am glad KDE has sane defaults.
I don't think blocking KDE Connect by default is sane for the KDE spin. ;-)
it is
*no port* has to be opened on a sane default, period
On Wed, Mar 11, 2015 at 04:15:59PM +0100, Markus Slopianka wrote:
On Wednesday 11 March 2015 13:08:05 Richard Z wrote:
thanks for the clarification, I am glad KDE has sane defaults.
I don't think blocking KDE Connect by default is sane for the KDE spin. ;-)
did you add your opinion here https://bugs.kde.org/show_bug.cgi?id=345066 and/or the mentioned Fedora ticket?
Luckily a hole for KDE Connect can be opened without disabling the firewall completely (*) but in my opinion even this small hole should not be opened on all networks.
(*) unlike the rygel UPnP protocol which is the reason why Gnome abandoned the firewall altogether
Richard
--- Name and OpenPGP keys available from pgp key servers