[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: What I HATE about F11



On Sun, Jun 14, 2009 at 20:08:31 +0200,
  Lennart Poettering <mzerqung 0pointer de> wrote:
> 
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides the actual problem.

The point of the firewall is to block connections to services that are
only supposed to be connected from trusted locations. This may be things
you are testing, don't intend to be running, don't bind to 127.0.0.1 instead
of 0.0.0.0, even though they are intended to be accessed from the local
machine, or services that you only want to accept connections from a white
list of IP addresses.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]