On Tuesday 05 May 2009 05:24:05 pm Carlos E. R. wrote:
It seems that you are talking about corporate users, which is a whole
different ballgame. I recall that I was talking about consumers, who do not have remote support.
But they should!
A user either knows how to properly "admin" the equipment he is using, or should hire expert help. Same thing as we do for cars, we pay a mechanic to maintain it.
The request for someone to learn firewall internals in order to open ports is the same as to ask car owner to know how to tune cars in order to use them. Some will do that, but majority see car as a way to go from point A to point B, not a bit more. Having program that will monitor all ports and notify user that some application wants to go out is not out of mind. That is way better option then having all ports closed making application to fail, or forcing user to shut down the firewall. What that monitor will do is the same as user will do with much more hassle. It will record port, destination IP and application name. Notify user and after, [yes], [yes, log traffic], or [no], perform action. Currently to do such thing, you probably have to start application, look logs, note ports, and destinations, open ports and allow traffic to dest. IP in firewall, run application again. In general automating processes is purpose of computer. Advocating hard way of doing things is not really in that spirit. Taking user security as an argument pro a hard way doesn't make much sense. No one can protect person that wants to do something stupid. People run computer as root, go to Internet as root, turn off firewall, use paswordless login, and so on. Making firewall use hard to those that would like to use it, but want also applications that work is counterproductive. Some will turn firewall off, other will erase Linux and go back to OS that has firewall that doesn't make life harder than it should be. -- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org