On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
> On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> > On most desktop systems a firewall is not needed. Many users do not even
> > know how to configure it. In fact I disable it on most of my systems,
> > because there is no real use for it. So I asked a simple question
> > whether there is a need to install iptables by default?
> >
> > Your answer is not satisfactory for me - because an unconfigured
> > firewall has nothing to do with security. In fact, it can only bring
> > a false sense of security.
> I believe the default is to block incoming connections except for a few
> services. This is good if you are running a sloppily written
> single-user server that binds to the wildcard address. The Haskell
> Scion server fell in this category as of August 2009; I didn't look to
> see what a remote user might be able to do to me by connecting to it.
> Yes, the proper way to avoid problems is to bind to localhost, but the
> firewall can be nice.
It would be nice if the firewall automatically followed services that
I have enabled and disabled. E.g., if I explicitly enable the
webserver, it should open the corresponding port(s).
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/