On Wed, 2005-03-09 at 11:18 -0500, Mark Haney wrote: > ---- > SP2 firewall was kind of necessary addition - but of course there are > lots of users that can't configure it. It's not very hard to configure > at all. > > Craig > > I agree it's NOT hard to configure. However you get the issues noted in the original post quite often with SP2 firewall on. It likes to block _outgoing_ ports as well as incoming ports even when you tell it not to. I am all for saving the end user from themselves, but I think that's a bit much. ---- I'm suspecting that you aren't aware that INCOMING and OUTGOING rules are part and parcel of iptables/netfilter as well (omitting for a second FORWARDING). No 'firewall' would really be a firewall if it didn't cover both types. The 'system-config-security' tool rather glosses over these issues - the distinction of inbound/outbound/forward rules - it's somewhat of a ignorant tool. Thus it is not a matter of Windows Firewall from XP SP2 being a bit much for the Windows end user - but rather a matter of being a proper tool. Starting with NT4, Windows has had packet filtering at the network adapter level and that was clumsy to use and probably inefficient. But discussing Windows on this message base is entirely off topic - I just thought it necessary to straighten out this mis-information since people are so eager to blame Microsoft for their own lack of knowledge of the processes involved. Craig
