On Tue, Dec 7, 2010 at 5:04 AM, Richard W.M. Jones <rjo...@redhat.com> wrote:
> On Mon, Dec 06, 2010 at 11:04:39AM -0500, Matt McCutchen wrote:
> > On Mon, 2010-12-06 at 10:54 +0100, Michał Piotrowski wrote:
> > > On most desktop systems firewall is not needed. Many users do not even
> > > know how to configure it. In fact I disable it in most of my systems,
> > > because there is no real use for it. So I asked a simple question
> > > whether there is a need to install iptables by default?
> > >
> > > Your answer is not satisfactory for me - because not configured
> > > firewall has nothing to do with security. In fact, it can only bring
> > > false sense of security.
> >
> > I believe the default is to block incoming connections except for a few
> > services. This is good if you are running a sloppily written
> > single-user server that binds to the wildcard address. The Haskell
> > Scion server fell in this category as of August 2009; I didn't look to
> > see what a remote user might be able to do to me by connecting to it.
> > Yes, the proper way to avoid problems is to bind to localhost, but the
> > firewall can be nice.
>
> It would be nice if the firewall automatically followed services that
> I have enabled and disabled. eg. If I explicitly enable the
> webserver, it should open the corresponding port(s).
>

Actually, just because a service is running doesn't mean you want it exposed
to the world. I work as a web developer, so I have httpd running on my
system, but this doesn't mean that I want everyone to be able to access this.
My httpd session is just for personal development and doesn't need to be
exposed just because it's running.

R.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
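
Added example, not part of the thread and not code from any of the posters: the wildcard-versus-localhost binding point discussed above can be checked on a Linux host by classifying the listening sockets in /proc/net/tcp. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress
import struct

LISTEN = "0A"  # state code for a listening TCP socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0500A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1
   3: 0100007F:9C40 0100007F:0277 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""


def decode(hexaddr):
    """Turn 'HHHHHHHH:PPPP' into (IPv4Address, port); assumes little-endian host."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(text):
    """Return (ip, port, scope) for every listening socket in the table."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or other non-listening sockets
        ip, port = decode(fields[1])
        if ip.is_loopback:
            scope = "loopback-only"      # reachable from this host only
        elif ip.is_unspecified:
            scope = "wildcard"           # bound to 0.0.0.0, every interface
        else:
            scope = "specific-address"   # bound to one non-loopback address
        found.append((str(ip), port, scope))
    return found


def exposed(text):
    """Listeners that depend on the firewall to stay private."""
    return [(ip, port) for ip, port, scope in listeners(text)
            if scope != "loopback-only"]


if __name__ == "__main__":
    for ip, port, scope in listeners(SAMPLE):
        print(f"{ip}:{port} {scope}")
```

On a real system, pass the contents of /proc/net/tcp instead of SAMPLE; IPv6 listeners live in /proc/net/tcp6 and are not handled here.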