On 2 August 2011 13:21, Johannes Meixner <jsmeix@suse.de> wrote:
my ISP box have two interfaces: extenal (to the ISP server in the phone company building) and internal (my private network and the printer)
I assume that "private network" also means "trusted network".
If I understand you correctly, I wonder why you need a firewall on client stations in an trusted internal network?
In other words: From what do you like to protect client stations in a trusted network?
One incident that comes from personal experience, was in a "trusted" company network. Basically I got port scanned from the Internet Gateway host, which caused a minor incident, certainly some alarm until the scan was explained. Furthermore in any shared network, you may be exposed by others with different requirements. As a result it became clear that a "trusted" corporate network, wasn't really to be trusted. Some effort was warranted, pro Practical security is a trade off, and is a multi-layer thing; so I could quite imagine apparently contradictory requirements of wishing to use some auto-discovery, then operate with minimal permissions once the service is found. Remember the most secure computer is the one that's turned off, turning it on is a risk but necessary to actually get something done with it. Regards Rob -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org