On 12/08/2013 04:13 AM, Jérémie Marguerie wrote: > On Sat, Dec 7, 2013 at 4:03 PM, Anatoli Lichii <[email protected]> wrote: >> I use ufw/gufw > > A simple firewall configuration is to allow what goes out and only > accept what comes in if it was initiated from your laptop > ("established" > connection). >
If you used only laptop ie no service port open and only tcp/ip return connection needed. I think at firewall is useless, because you want use all services and you must accept return connections, but if you like use only spesific protocols for outgoing services then firewall helps. These hostfirewalls are good for servers only, but only reason why these coming popular was Windows-machines which start spread malware from spesific serviceport. At enterprise environment you sometimes could shutdown these port via firewall and mitigated problem. These cloudservices made edge firewalls quite useless at many environment, because most services were tunneled inside https. Any customer behind firewall can tunnel anyone via his/her computer to intranet. This is one reason why these umt/ips firewalls with own certificate were used at many company today. If you like use firewall, fine, but it have own incompletenessines. I like use fwbuilder, since it's easy made complex setups. Regards, Riku -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
