Changes/Workstation Disable Firewall
(Change announced on 2014-04-15)
(Change Proposal ready for 2014-04-23 FESCo meeting (#1301))
|Line 76:||Line 76:|
Revision as of 14:28, 22 April 2014
Workstation: Disable firewall
The firewalld service will not be enabled by default in the workstation product.
- Name: Matthias Clasen
- Email: firstname.lastname@example.org
- Release notes owner:
- Product: Workstation
- Responsible WG: Workstation
- Targeted release: Fedora 21
- Last updated: 2014-04-03
- Tracker bug: <will be assigned by the Wrangler>
The current level of integration into the desktop and applications does not justify enabling the firewalld service by default. Additionally, the set of zones that we currently expose is excessive and not user-friendly. Therefore, we will disable the firewall service while we are working on a more user-friendly way to deal with network-related privacy issues.
It will of course still be possible to enable the firewall manually.
Benefit to Fedora
The Workstation will boot faster, and the firewall will not interfere with sharing protocols such as DAAP, UPnP and others.
- Proposal owners:
- Other developers: Add a Workstation-specific service configuration (preset ?) to the firewalld package that disables firewalld for the Workstation product
- Release engineering: No action required
- Policies and guidelines: No action required
Existing systems will keep their service configuration, including the enabled-by-default firewall.
How To Test
- Install the Workstation.
- Log in
- run systemctl status firewalld.service
- expected result: the service is not active
Applications that are using sharing protocols such as DAAP or UPnP will work out of the box, without the need to tweak or disable the firewall service.
- Contingency mechanism: If the firewalld service can not be disabled, install a simplified set of firewall zones, ideally just 'Home', 'Public' and 'Unknown', and ensure that networks are placed into the 'Home' zone by default
- Contingency deadline: F21 beta
- Blocks release? No
- Blocks product? Workstation
This upstream bug discusses improved network privacy handling.
The firewalld service is not enabled by default for the Workstation product. To enable it, run systemctl enable firewalld.service.