Richard W.M. Jones pÃÅe v Po 06. 12. 2010 v 18:04 +0000: > On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote: > > On Mon, 2010-12-06 at 10:54 +0100, MichaÅ Piotrowski wrote: > > > On most desktop systems firewall is not needed. Many users do not even > > > know how to configure it. In fact I disable it in most of my systems, > > > because there is no real use for it. So I asked a simple question > > > whether there is a need to install iptables by default? > > > > > > Your answer is not satisfactory for me - because not configured > > > firewall has nothing to do with security. In fact, it can only bring > > > false sense of security. > > > > I believe the default is to block incoming connections except for a few > > services. This is good if you are running a sloppily written > > single-user server that binds to the wildcard address. The Haskell > > Scion server fell in this category as of August 2009; I didn't look to > > see what a remote user might be able to do to me by connecting to it. > > Yes, the proper way to avoid problems is to bind to localhost, but the > > firewall can be nice. > > It would be nice if the firewall automatically followed services that > I have enabled and disabled. eg. If I explicitly enable the > webserver, it should open the corresponding port(s). Just disable the firewall and you'll get pretty much equivalent functionality. Mirek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
