[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Samba & IPTables



On Sat, 2 Aug 2003, Charles Bronson wrote:

> Dag Wieers wrote:
>
> > Maybe a personal firewall approach is needed. Just like it pop-ups a 
> > yes/no dialog box for every outgoing or incoming connection such a program 
> > could pop-up and ask to allow incoming calls for certain listen ports.
> > (The moment a program listens on a port an event is triggered)
>
> I will refer back to my point about explaining to laymen first of all what a 
> "port" is and then what each requested port is used for.

They don't actually need to know what a port is and certainly not know any 
port numbers. People understand that when they are doing something 
network-related and a pop-up appears, it is related.

And of course the pop-up explains what is going on and if you want to 
allow it temporarily or permanent. And at any time you can go through the 
ruleset and the application explains for each rule what it is about.

It is a great tool to learn more about networking.

 
> > And then you can decide to allow it from a single address, a network 
> > range or decide to allow it on a case by case basis.
>
> This dips heavily into understanding the complexities of TCP/IP network addressing.

It doesn't have to. I'm not making this up, this software exists and is 
used already by people that don't fully understand the complexities of 
TCP/IP network adressing.

Zonealarm, Norton Personal Firewall, Symantec Desktop Firewall, 
Firestarter (Linux), ... Sure it's better if they do understand everything 
fully and have a major etc etc. That's not what this thread is about.

 
> > That's probably what 'Home Users' would expect anyway. The current 
> > iptables firewall from Red Hat is a basic tool and limited in 
> > functionality.
>
> This statement is just plain wrong. IPTables is a VERY powerful tool. Are you 
> maybe referring to the firewall configuration tool? If so it is sufficiently 
> functional for a home user although using it properly would definitely be beyond 
> a laymen.

Lokkit is a very limited tool. It is not functional for most of the home 
users and I don't think it is intended to be. Someone in this thread 
already refered to it (not supporting samba).

--   dag wieers,  dag wieers com,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]