Firewall

[Richard W.M. Jones]

On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote: 
> > On most desktop systems firewall is not needed. Many users do not even
> > know how to configure it. In fact I disable it in most of my systems,
> > because there is no real use for it. So I asked a simple question
> > whether there is a need to install iptables by default?
> > 
> > Your answer is not satisfactory for me - because not configured
> > firewall has nothing to do with security. In fact, it can only bring
> > false sense of security.
> 
> I believe the default is to block incoming connections except for a few
> services.  This is good if you are running a sloppily written
> single-user server that binds to the wildcard address.  The Haskell
> Scion server fell in this category as of August 2009; I didn't look to
> see what a remote user might be able to do to me by connecting to it.
> Yes, the proper way to avoid problems is to bind to localhost, but the
> firewall can be nice.

It would be nice if the firewall automatically followed services that
I have enabled and disabled.  eg. If I explicitly enable the
webserver, it should open the corresponding port(s).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/