On 2023-05-02 08:11, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-01 19:28, Per Jessen wrote:
Lew Wolfgang wrote:
On 5/1/23 08:37, Per Jessen wrote:
Using NFS across a firewall is not typically done. Clients and servers are all expected to be on a trusted network. It is possible NFSv4 has made changes in this respect, I haven't looked.
We use NFS with the host-based firewalls running, both SuSEfirewall2 and firewalld.
Like I have suggested before, you and Carlos are kindred spirits :-)
I disagree. If the network is trusted, what is the point of a firewall?
It's good security practice, we've been doing it for decades.
I'm sorry, what is "good security practice"? not trusting your trusted network?
I would never trust the company network.
I'm sorry, where do you fit in to this? Are you the user, the admin, the janitor ?
Depends, but above I was thinking as the user.
Indeed, that we could do that was once justification to not use Windows! It protects well-behaved Linux boxes from those rude and insecure Windows cesspools on the same subnet.
In other words, you don't have a trusted network, hence the need for firewalls. Makes perfect sense.
No, Per, that is normal Windows behaviour and healthy prevention. Any well protected Windows shop can be infected accidentally one day.
You don't trust your Windows machines, yet you connect them to your trusted network - thereby compromising it. If you consider that normal behaviour and you wae the admin in charge, you're fired.
I suggest you look up what "trusted" means, Carlos. It only comes in two versions.
In your own case, you have an untrusted network yet you want to run a trusted service over it. Bonkers.
We have different definitions. As all my computers run firewalls, I can connect unknown Windows machines here. If I am suspicious, I switch of or disconnect local machines. In fact, observing the resulting traffic is a tool to know there is something amiss with the Windows machine, so that I can repair it. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)