On Mon, Dec 06, 2010 at 08:09:29PM +0100, Miloslav Trmač wrote:
> I can see the following primary reasons to have a firewall:
> * Enforcing a sysadmin-set (system-wide or site-wide) policy.
>   "No, you will not run any bittorrent client on the company's
>   computer".
>
> * A "speed bump" that requires an independent action to prevent
>   unintentionally opening up a service.
>
>   "You have started $server, and it accepts connections from the
>   whole internet. Here's your chance to think about this again.
>   Do you want to open the port?"

The question implies some sort of GUI pop-up. More likely is the incidental
installation of something. Does Gnome still pull in Apache for peer-to-peer
filesharing? Or some other package misconfigured to listen when it shouldn't.
Installing a firewall by default contributes to defense in depth at
relatively little cost.

> * ZOMG WE NEED A FIREWALL
>   "I can't use this Linux thing, my bank requires me to run an
>   antivirus and a firewall."

And don't underestimate that need -- more places than banks have similar
requirements.

> Are there other reasons?

Programs like fail2ban use the packet filter to block aggressive brute-force
attempts. But I don't think any of them require an existing configuration of
some sort -- they just do their own thing on top of whatever is there.

--
Matthew Miller <mattdm@xxxxxxxxxx>
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel