(Change Proposal ready for 2014-04-23 FESCo meeting (#1301))
(Change rejected by FESCo on 2014-04-23 meeting - see FESCo ticket)
Latest revision as of 11:38, 24 April 2014
Workstation: Disable firewall
Summary
The firewalld service will not be enabled by default in the workstation product.
Owner
- Name: Matthias Clasen
- Email: mclasen@redhat.com
- Release notes owner:
- Product: Workstation
- Responsible WG: Workstation
Current status
- Targeted release: Fedora 21
- Last updated: 2014-04-03
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
The current level of integration into the desktop and applications does not justify enabling the firewalld service by default. Additionally, the set of zones that we currently expose is excessive and not user-friendly. Therefore, we will disable the firewall service while we are working on a more user-friendly way to deal with network-related privacy issues.
It will of course still be possible to enable the firewall manually.
Benefit to Fedora
The Workstation will boot faster, and the firewall will not interfere with sharing protocols such as DAAP, UPnP and others.
Scope
- Proposal owners:
- Other developers: Add a Workstation-specific service configuration (preset?) to the firewalld package that disables firewalld for the Workstation product
- Release engineering: No action required
- Policies and guidelines: No action required
Upgrade/compatibility impact
Existing systems will keep their service configuration, including the enabled-by-default firewall.
How To Test
- Install the Workstation.
- Log in.
- Run systemctl status firewalld.service
- Expected result: the service is not active.
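The test above confirms only the service state. As an added example (not part of the original proposal), the following shell functions also list which listening sockets are bound to non-loopback addresses, since with firewalld inactive those are reachable from the network. The function names and the sample `ss` lines are constructed for illustration; ports 3689 and 1900 are the standard DAAP and SSDP (UPnP discovery) ports.

```shell
#!/bin/sh
# Added example: report firewalld state and list sockets that are
# reachable from the network when no firewall is filtering them.

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:1900 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:3689 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*'

# exposed_listeners: read `ss -H -tuln` lines on stdin and print
# "proto local-address:port" for every socket not bound to loopback.
exposed_listeners() {
    awk '{
        addr = $5                       # 5th column is Local Address:Port
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
        print $1, addr
    }'
}

# firewalld_state: print "<is-enabled>/<is-active>" for firewalld.service,
# or "unknown" for any part that cannot be determined.
firewalld_state() {
    if ! command -v systemctl >/dev/null 2>&1; then
        echo "unknown/unknown"
        return 0
    fi
    en=$(systemctl is-enabled firewalld.service 2>/dev/null) || true
    ac=$(systemctl is-active firewalld.service 2>/dev/null) || true
    echo "${en:-unknown}/${ac:-unknown}"
}

echo "firewalld (enabled/active): $(firewalld_state)"
echo "Non-loopback listeners in the constructed sample:"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
# On a real system, feed live data instead:
#   ss -H -tuln | exposed_listeners
```
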
User Experience
Applications that are using sharing protocols such as DAAP or UPnP will work out of the box, without the need to tweak or disable the firewall service.
Dependencies
No dependencies.
Contingency Plan
- Contingency mechanism: If the firewalld service cannot be disabled, install a simplified set of firewall zones, ideally just 'Home', 'Public' and 'Unknown', and ensure that networks are placed into the 'Home' zone by default.
- Contingency deadline: F21 beta
- Blocks release? No
- Blocks product? Workstation
Documentation
This upstream bug discusses improved network privacy handling.
Release Notes
The firewalld service is not enabled by default for the Workstation product. To enable it, run systemctl enable firewalld.service.