Bug 1417685 - Ports 1025:65535 tcp/udp opened by default
Summary: Ports 1025:65535 tcp/udp opened by default
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-30 16:26 UTC by Milan Zink
Modified: 2017-01-30 16:58 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-30 16:58:35 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Live ISO Fedora25 install - firewall rules (708.84 KB, image/png)
2017-01-30 16:26 UTC, Milan Zink
no flags Details

Description Milan Zink 2017-01-30 16:26:23 UTC
Created attachment 1245922 [details]
Live ISO Fedora25 install - firewall rules

Description of problem:

Why are these ports opened by default?

[liveuser@localhost-live ~]$ sudo firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: dhcpv6-client mdns samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp


Version-Release number of selected component (if applicable):
Fedora 25, live install session, fresh OS install

How reproducible:
Install Fedora 25 from ISO, run firewall-cmd --list-all

Steps to Reproduce:
1. Boot Fedora 25 from iso image
2. run: firewall-cmd --list-all
3. Install to local drive
4. run: firewall-cmd --list-all

Actual results:
ports: 1025-65535/udp 1025-65535/tcp opened by default

Expected results:
I believe that this ports should not be opened by default.

Additional info:

Comment 1 Thomas Woerner 2017-01-30 16:58:35 UTC
The workstation zone has been requested by the workstation team and any change for this zone needs to be requested there.

Please have a look at:

https://pagure.io/fesco/issue/1372
https://bugzilla.redhat.com/show_bug.cgi?id=1172353


Note You need to log in before you can comment on or make changes to this bug.