Les Mikesell wrote:
> On Wed, 2005-05-11 at 06:00, Claude Jones wrote:
> > > Are you saying there's no iptables? THAT would be very scary.
> >
> > No, I'm not saying that - iptables is there. And you could quickly code
> > something, but that's not something a relative newcomer like myself would
> > know how to do quickly. Kind of flies in the face of Ubuntu's ease-of-use
> > philosophy. I think I understand their thinking on it, but I still think it
> > would be preferable to allow the user at least the basic security choices
> > that FC does on install.
>
> Firewalls on hosts that aren't doing routing are just there to cover
> up mistakes. That is, if you don't have a service listening for
> a connection you won't accept connections with or without a firewall.
> If you do have a service running, you will need a hole in the firewall
> to let the associated connections through anyway. Firewalls only
> help if you start services that you don't want to work.

Or if you want some services to just be available to clients X, Y, and
Z. Or if you want your machine to be unpingable. Or if you want to
implement port knocking. Or if you want to block eventual,
yet-to-be-discovered flood attacks.
I'm sure I forgot lots of other uses.