Just giving a quick read to the notes in that entry of the Fedora Wiki, it dawned on me (it hit me like a rock, in fact) that surely many of those GNU/Linux boxes 0wn3d by crackers out there are running Fedora. Sure, netfilter is enabled by default, but that only goes to show the inherent weakness (phoniness?) of the security philosophy used. Simplicity and parsimony are the hallmark of well-thought-out solutions, hypotheses and theories.
And no, I’m not cutting any slack to the other big players of the distro wars. Neither Debian nor SUSE, nor Mandriva, much less PCLinuxOS, have truly locked-down default network setups; I can’t comment much on the other 500 distros out there. Ubuntu gets closer, but it should give weenies the addition of a locked down and licked up netfilter configuration so they can shoot themselves in the foot. Oh! There is a Google Summer of Code project to address exactly that. Expect questions like: “I installed the firewall and now I can’t download my pr0n”.