On Thu, 2007-09-13 at 18:41 -0400, Chuck Anderson wrote:
> On Fri, Sep 14, 2007 at 12:38:04AM +0200, David Woodhouse wrote:
> > On Thu, 2007-09-13 at 22:12 +0200, Till Maas wrote:
> > > It circumvents iptables rules.
> >
> > IPv6 doesn't 'circumvent' iptables rules any more than IPv4
> > 'circumvents' ip6tables rules.
> >
> > Besides, http://www.advogato.org/person/dwmw2/diary/164.html
>
> +1. Firewalls just break connectivity and are a handicap that enables
> people to be lazy about system security. And don't get me started on
> NAT :-)

-1. Firewalls are a mandatory access control system like SELinux. Their purpose is to prevent (certain kinds of) connectivity outside of the services they are shielding. You can easily log blocked connection attempts.

Following your argument, one could say that "SELinux just breaks functionality and is a handicap that enables developers to be lazy about system security". Which it isn't. Both are additional lines of defense.

Nils
--
Nils Philippsen / Red Hat / nphilipp@xxxxxxxxxx
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011