On 8/2/11 11:39 AM, "Nick Hilliard" <n...@inex.ie> wrote: >On 02/08/2011 13:28, Keith Moore wrote: >> A different idea is that the firewall always work in a very minimal mode >> by default (e.g. it passes no traffic, or maybe only outgoing port 80 >> traffic, but its configuration interface is enabled for the internal >> ports) so that the user must configure it in order to get it to do >> anything useful. > >Each support call into a support centre costs money, and if you scale it >up, any user that ends up calling support is basically losing money for >the >ISP. Yes, margins are that thin. [jjmb] +1 > >Building a firewall that almost guarantees that an end-user will need to >open a support call is both useless to the end-user and financially >harmful >to a service provider. There is no point whatsoever in doing this - it >adds pointless complexity with no measurable return. [jjmb] conversely building a firewall that exposes the provider will also cost in some way shape or form. > >If you want to build a router suitable for Keith Moore, then go out and >customise a WRT54G, or hack a soekris into shape. But don't assume that >most end-users have either the interest or the capability to work out a >good quality security policy for themselves because by-and-large, they >don't. [jjmb] advanced users should buy advance routers so they can do advanced things. > >Nick >_______________________________________________ >v6ops mailing list >v6...@ietf.org >https://www.ietf.org/mailman/listinfo/v6ops
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet