[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Firewall and user services that need open ports

On Sun, Jun 22, 2008 at 3:53 PM, Chuck Anderson <cra wpi edu> wrote:
> On Sun, Jun 22, 2008 at 12:06:44PM -0700, Andrew Farris wrote:
> > Izhar Firdaus wrote:
> > There is no service which requires a firewall to be turned off... that does
> > not exist.  What they require is configuration to function with the
> > firewall on. Improvement of the firewall configuration tool would certainly
> > be a good step forward, and perhaps more automated configuration via upnp,
> > but turning it off is definitely the wrong move... no matter what service
> > you're trying to get through it.
>
> Why do we need a firewall when you can easily prevent services from
> being accessed...just stop the service!  Don't bind to the port, and
> it won't be possible to connect to it.

Yes, the correct thing to do for local security is use something like selinux to prevent things from binding to interfaces/ports they shouldn't be binding to in the first place. Using iptables for this is a completely unsustainable hack. iptables firewalling is for machines that route packets to other machines.

Unfortunately for some reason network devices are exempt from the "everything is a file" architecture thus don't receive the benefit of the pre-existing filesystem access control architecture.
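The post above argues that SELinux, not iptables, is the right place to stop a local daemon from binding a port it should not. What that enforcement looks like in practice is an AVC denial of the name_bind permission in the audit log, which is also the record a defender alerts on. The script below is an added example written for this archive page, not code from anyone in the thread. It assumes the standard AVC record format written by auditd on an SELinux-enabled host; the audit lines it parses are constructed sample data, and the semanage lookup is only attempted if that tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread): pull SELinux name_bind denials out of
# an audit log. A name_bind denial is the record SELinux leaves when it stops
# a confined daemon from binding a port its policy does not allow.
# Assumes the standard AVC record layout produced by auditd.

# Constructed sample audit.log: one name_bind denial and one unrelated file
# denial, written to a temp file so the script runs on any POSIX system.
SAMPLE_LOG="${TMPDIR:-/tmp}/avc_sample.$$"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
type=AVC msg=audit(1214163000.123:456): avc:  denied  { name_bind } for  pid=1234 comm="httpd" src=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1214163001.456:457): avc:  denied  { read } for  pid=1234 comm="httpd" name="secret" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF

# Print one line per name_bind denial: command, port, source domain, port type.
# The source domain (third field of scontext) and the port type (third field
# of tcontext) are what decide the policy outcome, so those are what we keep.
avc_bind_denials() {
    awk '/avc: +denied/ && /name_bind/ {
        comm = ""; port = ""; sdom = ""; ptype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)          { comm = $i; sub(/^comm="?/, "", comm); sub(/"$/, "", comm) }
            else if ($i ~ /^src=/)      { port = substr($i, 5) }
            else if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); sdom = s[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); ptype = t[3] }
        }
        print comm, port, sdom, ptype
    }' "$1"
}

# Number of name_bind denials in the log, a cheap signal to alert on.
avc_bind_denial_count() {
    avc_bind_denials "$1" | wc -l | tr -d ' '
}

# On a real SELinux host, show how the port is currently labelled. That is
# the check a defender makes before deciding whether the daemon legitimately
# needs the port (relabel it with "semanage port") or the bind is unwanted.
show_port_label() {
    if command -v semanage >/dev/null 2>&1; then
        semanage port -l | grep -w -- "$1" || echo "port $1 has no explicit label"
    else
        echo "semanage not available here; skipping live port lookup"
    fi
}

avc_bind_denials "$SAMPLE_LOG"
show_port_label 8080
```

Running it prints `httpd 8080 httpd_t unreserved_port_t`: the web server domain tried to bind a port that carries no service-specific label, and policy refused. Pointing `avc_bind_denials` at the real `/var/log/audit/audit.log` gives the same one-line-per-event summary for a live system.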
