The base system does not need a Firewall, according to them, and they might be correct about that or not.
IMHO the point of having a firewall which simply denies all incoming connections is, that once a user starts installing a few programs, sooner or later some of them might open ports, even w/o malicious intent.
If they want to provide an easy to use and secure system, IMHO there should be a firewall and each port has to be opened explicitly.
In the end, this is really down to opinion and there is no objective true answer, so I'd rather use Fedora-Atomic if I need immutability.
IMHO the point of having a firewall which simply denies all incoming connections is, that once a user starts installing a few programs, sooner or later some of them might open ports, even w/o malicious intent.
If they want to provide an easy to use and secure system, IMHO there should be a firewall and each port has to be opened explicitly.
In the end, this is really down to opinion and there is no objective true answer, so I'd rather use Fedora-Atomic if I need immutability.