Firewall

[Rodd Clarkson]

On Tue, Dec 7, 2010 at 5:04 AM, Richard W.M. Jones <rjones at redhat.com>wrote:

> On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
> > On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> > > On most desktop systems firewall is not needed. Many users do not even
> > > know how to configure it. In fact I disable it in most of my systems,
> > > because there is no real use for it. So I asked a simple question
> > > whether there is a need to install iptables by default?
> > >
> > > Your answer is not satisfactory for me - because not configured
> > > firewall has nothing to do with security. In fact, it can only bring
> > > false sense of security.
> >
> > I believe the default is to block incoming connections except for a few
> > services.  This is good if you are running a sloppily written
> > single-user server that binds to the wildcard address.  The Haskell
> > Scion server fell in this category as of August 2009; I didn't look to
> > see what a remote user might be able to do to me by connecting to it.
> > Yes, the proper way to avoid problems is to bind to localhost, but the
> > firewall can be nice.
>
> It would be nice if the firewall automatically followed services that
> I have enabled and disabled.  eg. If I explicitly enable the
> webserver, it should open the corresponding port(s).
>
> Actually, just be a service is running doesn't mean you want it exposed to
the world.  I work as a web developer, so I have httpd running on my system,
but this doesn't me that I want everyone to be able to access this.  My
httpd session is just for personal development and doesn't need to be
exposed just because it's running.


R.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20101207/47c5e3f3/attachment.html