Mailinglist Archive: opensuse (1332 mails)

Re: [opensuse] Interactive Firewall Needed
  • From: "Rajko M." <rmatov101@xxxxxxxxxxx>
  • Date: Tue, 5 May 2009 21:27:07 -0500
  • Message-id: <200905052127.07809.rmatov101@xxxxxxxxxxx>
On Tuesday 05 May 2009 05:24:05 pm Carlos E. R. wrote:
It seems that you are talking about corporate users, which is a whole
different ballgame. I recall that I was talking about consumers, who do
not have remote support.

But they should!

A user either knows how to properly "admin" the equipment he is using, or
should hire expert help. Same thing as we do for cars, we pay a mechanic
to maintain it.

The request for someone to learn firewall internals in order to open ports is
the same as asking a car owner to know how to tune cars in order to use them.
Some will do that, but the majority see a car as a way to go from point A to
point B, not a bit more.

Having a program that will monitor all ports and notify the user that some
application wants to go out is not out of mind. That is a way better option than
having all ports closed, making the application fail, or forcing the user to shut
down the firewall.

What that monitor will do is the same as the user will do with much more hassle.
It will record the port, destination IP and application name, notify the user, and
after [yes], [yes, log traffic], or [no], perform the action.

Currently, to do such a thing, you probably have to start the application, look at
the logs, note ports and destinations, open ports and allow traffic to the dest. IP
in the firewall, and run the application again.

In general, automating processes is the purpose of a computer.
Advocating the hard way of doing things is not really in that spirit.

Taking user security as an argument for the hard way doesn't make much sense.
No one can protect a person who wants to do something stupid. People run the
computer as root, go to the Internet as root, turn off the firewall, use
passwordless login, and so on. Making firewall use hard for those who would like
to use it, but also want applications that work, is counterproductive. Some will
turn the firewall off, others will erase Linux and go back to an OS that has a
firewall that doesn't make life harder than it should be.

--
Regards, Rajko
http://news.opensuse.org/category/people-of-opensuse/
