mitr at volny.cz
Mon Dec 6 19:09:29 UTC 2010
Jesse Keating píše v Po 06. 12. 2010 v 11:00 -0800:
> Right, I always struggle with this. If you allow services that bind to
> a port once enabled to have the port open, then what good does it do to
> have the port closed?
> I really wonder what real purpose a firewall serves on these machines.
> Once you get past the "ZOMG WE NEED A FIREWALL"....
I can see the following primary reasons to have a firewall:
* Enforcing a sysadmin-set (system-wide or site-wide) policy.
"No, you will not run any bittorrent client on the company's
* A "speed bump" that requires an independent action to prevent
unintentionally opening up a service.
"You have started $server, and it accepts connections from the
whole internet. Here's your chance to think about this again.
Do you want to open the port?"
* ZOMG WE NEED A FIREWALL
"I can't use this Linux thing, my bank requires me to run an
antivirus and a firewall."
Are there other reasons?
More information about the devel