On Aug 2 14:37 jdd wrote (excerpt):
On 02/08/2011 14:21, Johannes Meixner wrote:
If I understand you correctly, I wonder why you need a firewall on client stations in a trusted internal network?
The wiki page quoted in the beginning says that it's always better to have one
Yes, http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings reads "to be on the safe side ... when whatever kind of server process was started by accident" but there is also

--------------------------------------------------------------------
If your host is connected only to a trusted internal network where a dedicated firewall machine protects the whole internal network, you may switch off the firewall on your host.
...
If your router-box supports private IP addresses together with NAT (and if there is no security flaw in the router-box), your hosts are in a trusted internal network where the router-box is a dedicated firewall machine which protects your whole internal network so that you may even switch off the firewall on your hosts (provided you trust your router-box).
...
When the CUPS print server process is the only server process which runs on the workstation, opening its IPP port 631 removes effectively any firewall protection from the workstation.
--------------------------------------------------------------------

I was asking "from what do you like to protect client stations in a trusted network?"

I meant against which actual threats (describe some examples please) do you like to protect your client stations when you run a firewall in your trusted network but open ports for the services which you use in your trusted network? Doing this removes effectively any firewall protection so that there is no reason to have the firewall at all.

Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer