Setting the default firewall configuration (was Re: Attention, dependency fighters)

Reindl Harald h.reindl at thelounge.net
Thu Nov 15 18:23:34 UTC 2012



On 15.11.2012 19:16, Miloslav Trmač wrote:
> (as far as I understand the situation:)  iptables as a kernel
> interface and a low-level command will exist, but applications will
> expect the existence of the firewalld D-Bus service (as opposed to the
> system-config-firewall D-Bus service, at least; I'm not sure what this
> implies about systems where the firewalld D-Bus service is not
> available), and firewall-cmd, not iptables, will be the recommended
> user tool

and this is the reason why i say CAUTION

i do not want nor can i accept anything on MY machines
expect anything to deal with iptables-rules. i am the only
one instance to define what is open and closed and with
which REJECT or DROP answer what is closed

nobody and nothing has to touch this dynamically

if an application needs a port open i am the one to open it and
if not you can be sure there is a good reason why it stays
closed - the reason is security and professional IT management

i am responsible for my data, companies' data and data of many
customers so i have to be the instance to control every piece
of software - on servers and static setups there is no need for
dynamic configurations - the opposite is true: you need to disable
and close ANYTHING and allow NOTHING where you are not 100% sure
that you are aware what is done

these things will not change tomorrow nor in 20 years and the
places where they are changed you read about regularly in the newspaper
because of intrusions and security leaks!
