From 30c2a0d96594e37f64cb2097edf898eb6f7124ee Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Tue, 26 Sep 2023 23:18:15 -0700
Subject: [PATCH] Update content/posts/linux/Desktop Linux Hardening.md

Co-authored-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
Signed-off-by: Tommy <contact@tommytran.io>
---
 content/posts/linux/Desktop Linux Hardening.md | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md
index 6bdc0a7..54b01ff 100644
--- a/content/posts/linux/Desktop Linux Hardening.md	
+++ b/content/posts/linux/Desktop Linux Hardening.md	
@@ -247,11 +247,7 @@ firewall-cmd --add-service=dhcpv6-client --permanent
 firewall-cmd --reload
 ```
 
-On some distributions, `--set-default-zone` might be whitelisted by default which leads to bypasses. To disable this, turn on lockdown mode for `firewalld`:
-
-```
-sudo firewall-cmd --lockdown-on
-```
+On some distributions, it may be possible for unauthorized users or applications to make firewall changes through polkit. To disable this, enable firewalld _lockdown mode_ with `sudo firewall-cmd --lockdown-on`.
 
 These firewalls use the [netfilter](https://netfilter.org/) framework and therefore cannot (without the help of strict [mandatory access control](#mandatory-access-control)) protect against malicious software running privileged on the system, which can insert their own routing rules that sidestep firewalld/ufw.