Re: The state of firewall management...

[Marc Herbert <Marc Herbert gmail com>]

Hi Graham,

Graham Lyon a écrit :
> Firewalls, for the average end user, should "just work". A great many linux
> distros don't come with a firewall configured by default and there is no
> default mechanism for interfacing with a firewall and opening ports etc for
> any software to use.

The reason for this by the way, is that most Linux distros do not need
a firewall at all. That is because unlike other systems, they are not
insecure by default. I mean that most desktop distros do not have a
number of useless and insecure daemons listening to the network by
default. When ports are already closed by default then you obviously
do not need the complexity of a firewall to "double-close" them!

Sorry for ranting but I am a bit tired of the "everyone needs a
firewall" bullshit. That is simply wrong (and probably pushed very
hard by firewall vendors). Closer to the truth is: "everyone running a
system insecure by default needs a firewall patch on top of it".

So, while the average desktop Linux user simply does not need a
firewall and is more than happy with the best firewall interface ever
invented (= no firewall at all) *some* other users might need a
firewall and would certainly find useful what you are suggesting. Good
luck.

Cheers,

Marc


PS: I have left for years a Windows 2000 system on-line without any
firewall and without any problem. BUT I had explicitly disabled most
network services beforehand. It was shamelessly far from easy to
achieve, see for instance this:
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html