On 02/27/2019 03:12 AM, Anton Aylward wrote:
Yes there were certainly a number of systems that wrapped Shorewall into a very nice application for a dedicated box. I was never enamoured with the idea of 'personal firewall' on each machine, since I'm a bit old school and agreed that the 'firewall as the networks response to poor host security', the quote some guru or other.
But that was then, this is now; many individuals at their workstations are either idiot or had a passing bout of idiocy that opened them to an attack. They too need to be either isolated or given a 'personal firewall'.
Then, too, there are the 'single machines on the net', users.
So not I think differently. Professionally. But here I have a number of layers before getting to my host, and a lot of my processing isn't done on my host.
Have you looked at https://software.opensuse.org/package/gufw
No, I didn't notice that one. Thanks for the link. I agree that host-based firewalls aren't needed in every situation, but if it's easy, why not? The environment at work has a couple of /16 networks behind a well-maintained security stack. So each host can be exposed to thousands of other machines, most of them Windows! Host-based firewalls make sense here. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org