So, having been busy with a procurement exercise this week and having failed in my battle to get into work in the face of a howling gale and flurries of snow I decided to sit down Coffee in hand and catch up on my email. Not the bori^h^h^h important work email but some of the mailing lists that I’m subscribed to.
Nothing very interesting or controversial until I get to this thread
https://lists.fedoraproject.org/pipermail/devel/2014-December/205010.html
It would appear that the newly minted Fedora 21 workstation ships with firewalling disabled above port 1024. If you’re not aware of the significance of port 1024, is the first port that can be used by non root processes. If you’re at home safely ensconced behind an ADSL type router with a sensible firewall this probably makes a lot of sense. If you’re going to use fedora in Informatics……not so much. This means that if you fire up a myslq database then there will be nothing between it and the rest of the network.
I’d advise changing to something more secure like
firewalld-cmd –set-default FedoraServer
or if you;re really paranoid
firewalld-cmd –set-default block
I’m not sure what the “work” zone allows but an Informatics zone might be an idea.