redhat-config-securitylevel vs redhat-config-firewall?

James Drabb JDrabb at tampabay.rr.com
Wed Oct 8 00:23:20 UTC 2003


On Tue, 2003-10-07 at 20:12, Jack Bowling wrote:
> On Tue, Oct 07, 2003 at 05:59:14PM -0600, Tommy McNeely wrote:
> > On Tue, 07 Oct 2003 18:14:05 -0500, Paul Morgan wrote:
> > 
> > > On Tue, 2003-10-07 at 17:44, Jack Bowling wrote:
> > >> [quoted text muted]
> > > 
> > > But only if it provides robust firewall editing and configuration
> > > capabilities. Until then it is not really a firewall configurator.
> > 
> > 
> > This is true... I can't find the "checkbox" to allow in cups traffic
> > (tcp/631?) I just turned the firewall off ... I was only playing anyhow,
> > and this is on the internal network for now. It needs the ability to
> > add/edit/delete services that are to be allowed in *like the OSX firewall* :)
> 
> IMHO, the number of services enabled in a standard RH install is
> shockingly huge. I totally agree that it should be the exact opposite of
> the current scheme: lock it down and let the user enable necessary
> services. In fact, I would argue that this is one of the main failings
> of a standard RH install.

I totally agree, there is not a real need for sendmail on a desktop PC. 
Most desktop users will use Evolution, Mozilla Mail, KMail, etc. which
handle the SMTP and POP, so there is no reason for an MTA.  I am not
suggesting removing it, just disable it and make *sure* that it is not
an open relay and will only handle mail for localhost.  Maybe even
consider switching out sendmail due to their security history for
another MTA.

On the firewall side, has anyone thought about including FireStarter by
default?  I think that is a nice little package IMO.  It shows you when
it blocks traffic in real-time and lets you update the firewall very
easily, it even sets up NAT so easily that any noobie could do it.

Just my $0.02.
-- 
James Drabb
Senior Programmer Analyst
Davenport, FL USA




