On 02/09/11 11:20, Ed W wrote:
> ...
>> I have mixed feelings about omnibus macros like this; I think they
>> encourage naive users to open many more ports than are really needed.
> There is an argument that for some naive users they can also *reduce*
> the number of ports if big "recipe" macros are available, because if
> it's not easy to figure out, then those naive users tend to open great
> swathes of ports instead..?
> ...
> Actually, tell you where I have seen this fail - I've seen some wifi
> hotspots that appear to want to *block* email, but they only remembered
> to block half the ports... "Mail(REJECT)" as a rule is likely to be a
> win for the naive user - I bet otherwise few would remember about
> Submission/IMAPS/POPS...

My feelings about this are entirely unmixed: if you're a naive user, you
shouldn't be configuring firewalls. I almost don't use macros at all - I
configure the exact numeric ports for nearly all services.

Paul

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
