On Mon, Dec 06, 2010 at 03:25:30PM -0800, Jesse Keating wrote:
On 12/06/2010 12:18 PM, Tom Lane wrote:
> Jesse Keating <jkeating(a)redhat.com> writes:
>> The argument of default firewall or not would probably quiet down quite
>> a bit if we had any sort of decent UI to help users get the firewall out
>> of their way when they're really trying to do something.
>
> +1. In today's environment, not having a firewall by default is an
> incredibly stupid idea. What we need to do is fix the UI problems,
> not bypass them by dramatically reducing security.
>
> regards, tom lane
I keep seeing claims of "incredibly stupid", and at the same time saying
we need to make it easier to open up ports when they need them. What is
the default firewall protecting me from, if I'm allowed and hand held
through opening up ports on demand?
There's also more to life than TCP ports. UDP ports, ICMP, other
protocols, other unrecognized protocols, packets containing completely
random stuff ... Having a firewall that lets through every TCP port
does still give you protection from this other stuff.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw