Re: The state of firewall management...



I'll agree that if your system doesn't have ports open by default then you're fine, but if, for instance, your package manager pulls in mysql or postfix or similar as a dependency for some package that doesn't really need it to use its network capabilities, then having the ability to turn on a firewall in public wifi networks, for instance, that blocks all traffic to those services would be a bonus, in my opinion. Also, you're right, firewall vendors try to push everyone to have a firewall and so, as a result, a lot of users aren't happy with the idea that there is no firewall on their system because they have been indoctrinated into the idea that they must have one ;)

2009/6/22 Marc Herbert <Marc Herbert gmail com>
Hi Graham,

Graham Lyon wrote:
> Firewalls, for the average end user, should "just work". A great many Linux
> distros don't come with a firewall configured by default and there is no
> default mechanism for interfacing with a firewall and opening ports etc for
> any software to use.

The reason for this by the way, is that most Linux distros do not need
a firewall at all. That is because unlike other systems, they are not
insecure by default. I mean that most desktop distros do not have a
number of useless and insecure daemons listening to the network by
default. When ports are already closed by default then you obviously
do not need the complexity of a firewall to "double-close" them!

Sorry for ranting but I am a bit tired of the "everyone needs a
firewall" bullshit. That is simply wrong (and probably pushed very
hard by firewall vendors). Closer to the truth is: "everyone running a
system insecure by default needs a firewall patch on top of it".

So, while the average desktop Linux user simply does not need a
firewall and is more than happy with the best firewall interface ever
invented (= no firewall at all) *some* other users might need a
firewall and would certainly find useful what you are suggesting. Good
luck.

Cheers,

Marc


PS: I have left for years a Windows 2000 system on-line without any
firewall and without any problem. BUT I had explicitly disabled most
network services beforehand. It was shamelessly far from easy to
achieve, see for instance this:
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
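
Both messages turn on whether anything is actually listening on a network-reachable address. The following is an added example, not part of the original thread: it parses the Linux `/proc/net/tcp` format and reports listeners that are not bound to loopback. The sample table is constructed, and the address decoding assumes a little-endian host and IPv4 only.

```python
import ipaddress

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Rows: mysql on 127.0.0.1:3306, postfix on 0.0.0.0:25, cups on 127.0.0.1:631,
# plus one established outbound connection that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   116        0 20001 1
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1
   3: 0A01A8C0:D431 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
"""

TCP_LISTEN = 0x0A  # socket state value the kernel uses for LISTEN


def parse_listeners(text):
    """Return [(IPv4Address, port)] for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # Assumption: little-endian host, so the address bytes are reversed.
        ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
        listeners.append((ip, int(port_hex, 16)))
    return listeners


def exposed_listeners(text):
    """Listeners reachable from the network, i.e. not bound to loopback."""
    return [(str(ip), port) for ip, port in parse_listeners(text)
            if not ip.is_loopback]


def audit(path="/proc/net/tcp"):
    """Run the same check against the live table on a Linux host."""
    with open(path) as handle:
        return exposed_listeners(handle.read())


if __name__ == "__main__":
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"exposed listener: {ip}:{port}")
```

In the constructed sample only the postfix-style listener on 0.0.0.0:25 is reported; the two loopback-bound services are not reachable from the network. IPv6 listeners live in `/proc/net/tcp6` and are not covered here.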



