On 06/12/16 05:50, Lars Noodén wrote:
> Where should we be commending the storage of iptables rules in Devuan
> Jessie?

There should not be a default location. It should be left to each firewall application to define. This is particularly important as iptables has a competitor in nftables and is likely to be deprecated at some point, so we can't guarantee into the future that iptables will always exist.

There is a processing cost to iptables and, to be honest, whilst iptables is fantastic at the border gateway for filtering out malicious traffic, it may not be either necessary or desirable on hosts inside the network.

I'm probably getting a little off topic here, but IMHO, MS Windows needs a firewall because it has so many leaky hidden services running on the host that should never be exposed to even local networks that make it extremely vulnerable, so it essentially needs to be enclosed in a Faraday cage with a few pinholes for the necessary inbound services.

Generally a well set up Linux system has no network connectable services running that aren't intended to be, in which case it's relatively resistant to hacking attempts. This means a firewall in a well secured network is generally not necessary or desirable. The only instance I'd consider a workstation firewall is a laptop connecting to untrusted networks regularly.

Of course some Linux distributions push firewalling with the same fervor as Microsoft and their "security suite" leeches. This is because the added complexity creates more need for hand holding and thus the opportunity to derive revenue, and also to hide the fact that their sloppy installers install and run poorly configured services by default on systems that don't need them.

-- 
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722

_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
