Jesse Keating píše v Po 06. 12. 2010 v 11:00 -0800:
Right, I always struggle with this. If you allow services that bind
to
a port once enabled to have the port open, then what good does it do to
have the port closed?
I really wonder what real purpose a firewall serves on these machines.
Once you get past the "ZOMG WE NEED A FIREWALL"....
I can see the following primary reasons to have a firewall:
* Enforcing a sysadmin-set (system-wide or site-wide) policy.
"No, you will not run any bittorrent client on the company's
computer".
* A "speed bump" that requires an independent action to prevent
unintentionally opening up a service.
"You have started $server, and it accepts connections from the
whole internet. Here's your chance to think about this again.
Do you want to open the port?"
* ZOMG WE NEED A FIREWALL
"I can't use this Linux thing, my bank requires me to run an
antivirus and a firewall."
Are there other reasons?
Mirek