Firewall

Stephen John Smoogen smooge at gmail.com
Mon Dec 6 23:42:30 UTC 2010 

On Mon, Dec 6, 2010 at 16:25, Jesse Keating <jkeating at redhat.com> wrote:
> On 12/06/2010 12:18 PM, Tom Lane wrote:
>> Jesse Keating <jkeating at redhat.com> writes:
>>> The argument of default firewall or not would probably quiet down quite
>>> a bit if we had any sort of decent UI to help users get the firewall out
>>> of their way when they're really trying to do something.
>>
>> +1.  In today's environment, not having a firewall by default is an
>> incredibly stupid idea.  What we need to do is fix the UI problems,
>> not bypass them by dramatically reducing security.
>>
>>                       regards, tom lane
>
> I keep seeing claims of "incredibly stupid", and at the same time saying
> we need to make it easier to open up ports when they need them.  What is
> the default firewall protecting me from, if I'm allowed and hand held
> through opening up ports on demand?
>

Ports that you don't know are open to the network but are somehow available.

Let us put this conversation slightly different... how many of us
remember password-less package install? It all sounded like a good
idea with people who are going to be on the system already being able
to do what they want so why ask for a password. However how did it get
seen in the end? Fedora comes RootKit enabled and other fluff.

I am trying to think how this one will play out:

"Ten years ago, Linux distros were cutting edge by coming with a
firewall enabled. Now Fedora is going to cut the edge in a new way...
no firewall wanted."

Yes there are a lot of good ideas and reasons.. I think that first
though a tool to deal with firewalls and THEN we can talk about what
firewalls need to be removed.

[And no I am not trying for 2 weeks of LWN quotes as tempting it will
be. (alright alright I am .. it is just so addicting)]



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

More information about the devel mailing list