On Mon, Jun 23, 2008 at 12:42 PM, Carlos E. R.
The Monday 2008-06-23 at 08:21 -0700, John Andersen wrote:
On Mon, Jun 23, 2008 at 5:04 AM, Carlos E. R. wrote:
And it would be a real mistake for suse to disable the firewall by default: there is no way for them to know if the user's router is reliable or not.
Explain again why Linux needs a firewall at all please Carlos...
No, ask that to a security expert, I'm not. I simply believe it's safer with one, and I trust the experts when they say it's safer with one.
At least, it's another level of security, and a good one at its job.
Well the question was intended to be somewhat rhetorical, to provoke some thought. I'm not a security expert, but I play one for sake of argument.....

In My Humble Opinion...

If the machine is a router/gateway, you need it.
If the machine is behind a router, you don't need it.
If the machine is Joe User connected directly to the internet and Joe is not sharing files etc, you don't need it.

Reason: Suse is not Red Hat. With Red Hat, after install, you have to run around closing ports and unused services to make your machine safe. With Suse nothing is open unless you request it to be open.

The "another level" argument is valid providing there is a first level (another router) somewhere upstream. But it provides no additional protection to Joe User connected directly to the net.

There is one slight difference between having a firewall and not, and that is when someone tries to connect to a firewalled port it usually just times out (packet dropped), whereas without a firewall, you get Connection Refused (no port open). Some think that's a big difference (because with Connection Refused you know there is an actual machine out there). But any number of other methods would reveal that in either case.

I think a lot of Microsoft FUD has crept into the linux world. Microsoft needs a firewall because they have weak services listening on dozens of ports with no distinction between one interface or another. Once you allow a hole thru the firewall the same weak service answers the phone.

Linux has strong services, and good security, and the services themselves can usually decide to listen only to specific interfaces.

Hardware firewalls are almost always running Linux. If linux needed a firewall it wouldn't be suitable to write one with.

So that's my humble opinion. Now I'm sure someone with doomsday scenarios will jump up and prove me wrong. (Again). ;-)

--
----------JSA---------
"Ubuntu" is an African word meaning "Suse is too hard for me".
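The claims in the message above, that nothing listens unless requested and that services can bind to specific interfaces, can be checked on a host by listing its listening TCP sockets and the addresses they are bound to. The following is an added example, not part of the original message; it parses the /proc/net/tcp layout, and the sample rows, addresses and function names are constructed for illustration (IPv4 only, little-endian host assumed).

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout; not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00A8C0:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00A8C0:0016 0200A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (ip, port); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def exposure(ip):
    """Classify a bind address by which interfaces can reach it."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:  # 0.0.0.0 means every interface
        return "all-interfaces"
    return "single-interface"


def listening_sockets(proc_text):
    """Return (ip, port, exposure) for each LISTEN row, sorted by port."""
    rows = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established and other states are not listeners
        ip, port = decode_addr(cols[1])
        rows.append((ip, port, exposure(ip)))
    return sorted(rows, key=lambda r: (r[1], r[0]))


def reachable_without_firewall(proc_text):
    """Listeners a remote host could reach if no packet filter is in place."""
    return [(ip, port) for ip, port, exp in listening_sockets(proc_text)
            if exp != "loopback-only"]


if __name__ == "__main__":
    for ip, port, exp in listening_sockets(SAMPLE):
        print(f"{ip}:{port:<5} {exp}")
```

On a real host, pass the contents of /proc/net/tcp instead of SAMPLE; IPv6 listeners live in /proc/net/tcp6 and are not handled here.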