On Mon, 2010-12-06 at 20:08 -0600, Chris Adams wrote: 
> Once upon a time, Adam Williamson <awill...@redhat.com> said:
> > On most laptops, however, which are the most common types of system sold
> > today, a firewall is very definitely needed when you're connecting to
> > hotel networks, public wifi access points...
> 
> The only thing you need a firewall by default for is to prevent services
> that are listening on the network from being accessible.  The better
> solution is to stop having services listen on the network by default.
> 
> This was done for sendmail many years ago; why hasn't it been done for
> other things, such as rpcbind (and RPC services), cups, etc.?  These
> daemons should bind to localhost only unless otherwise configured.
In the cups case it might probably be reasonable to default to localhost.
However for rpcbind it is clearly not so - what's the point of starting
things that are mostly needed for NFS when you would be able to mount
only NFS provided by the localhost and export it to the localhost only
as well? In that sense it is debatable whether we want to have rpcbind
ON by default but having it on and bound to localhost only does not make
any sense to me.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel