On 2019-02-27 11:25 a.m., Lew Wolfgang wrote:
On 02/27/2019 03:12 AM, Anton Aylward wrote:
Yes there were certainly a number of systems that wrapped Shorewall into a very nice application for a dedicated box. [...]
Have you looked at https://software.opensuse.org/package/gufw
No, I didn't notice that one. Thanks for the link.
I agree that host-based firewalls aren't needed in every situation, but if it's easy, why not? The environment at work has a couple of /16 networks behind a well-maintained security stack. So each host can be exposed to thousands of other machines, most of them Windows! Host-based firewalls make sense here.
Indeed. The "most of them windows!" is the definitive indictment, isn't it? Hopefully many here are educate enough if firewall design and certified as such, but there are LOTS of books on firewalls. Too many, so lets go back to basics. The Chapma/Zwicky 'authority' from O'Reiley dates from 1995, the peak of the DotComBoom just before the Crash. https://www.oreilly.com/library/view/building-internet-firewalls/1565928717/... Bob Ziegler out of Nokia wrote the book on Linux Firewalls which was much better illustrated is a lot more digestible even if the low-level commands are about 'ipchains' :-) Is there an updated version? If there is I can recmmend it. There are others from O'Reilly with more amusing covers. "Firewalls and Internet Security: Repelling the Wily Hacker" Especially the first edition with "You must be this tall to storm castle" -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org