Le 03/08/2011 09:15, Johannes Meixner a écrit :
Of course there are particular cases where opening a particular port makes sense but in general opening ports make the firewall useless.
I fear not to understand this. A port opening break security only if the daemon listening have bugs, isn't it? Almost any server have the ssh port open, if not how can you manage it? so opening a port lower the security, yes, but do not make it null. Of course, the more ports openned, the more daemon have to be trusted and can have bugs. The problem of "trusted" networks in home or small company network is childs and guests. Most of the time the network is really to be trusted, but childs may accidentally break the security (installing trojan) or hack for fun. Guests may also come home with cracked computers and ask for connection. But all this is not common nor a 24/24 7/7 risk. So if child's computer is shut off and you have no guest, the network is safe. But stopping the firewall mean also forgetting to restart it... Stopping it on one port, with warning, once in a while, dont seems so frightening jdd -- http://www.dodin.net http://www.youtube.com/user/jdddodinorg http://jdd.blip.tv/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org