On 12/06/2010 11:09 AM, Miloslav Trmač wrote:
> Jesse Keating wrote on Mon 06. 12. 2010 at 11:00 -0800:
>> Right, I always struggle with this. If you allow services that bind to
>> a port once enabled to have the port open, then what good does it do to
>> have the port closed?
>>
>> I really wonder what real purpose a firewall serves on these machines.
>> Once you get past the "ZOMG WE NEED A FIREWALL"....
>
> I can see the following primary reasons to have a firewall:
>
> * Enforcing a sysadmin-set (system-wide or site-wide) policy.
>
>   "No, you will not run any bittorrent client on the company's
>   computer".

That's an excellent reason for being able to deploy a firewall. Not really sure this is a good reason for having a firewall configured by default on personal installs.

> * A "speed bump" that requires an independent action to prevent
>   unintentionally opening up a service.
>
>   "You have started $server, and it accepts connections from the
>   whole internet. Here's your chance to think about this again.
>   Do you want to open the port?"

Yet we don't have that kind of UI present. So instead now we have people trying to turn on services, having it not work, and spending time / energy fiddling with config files before they finally realize it was the firewall. Then they just turn it off and grumble. At least the other OS gives you a pop up to let some service through, although there are problems with that too.

> * ZOMG WE NEED A FIREWALL
>
>   "I can't use this Linux thing, my bank requires me to run an
>   antivirus and a firewall."

Fair enough, again reasons for being capable of having one, but not convinced it's needed by default. (I realize I wasn't making a default or not argument in my first email)

> Are there other reasons?
>     Mirek

--
Jesse Keating
Fedora -- Freedom is a feature!
identi.ca: http://identi.ca/jkeating