On Sun, Apr 07, 2002 at 06:28:01PM -0400, Brian J. Murrell wrote: > On Sun, Apr 07, 2002 at 03:33:23PM +0200, Henrik Nordstrom wrote: > > > > A firewall who gives no access is very effective, but not likely to > > make you very famous as it also inhibits any communication to take > > place. > > Understood. But a firewall that takes "orders" as to what to open and > close without and understanding of what it's for is next to useless. > Firewalls are put in place precisely because OSes and applications > cannot be trusted on the network. To then give them the permission to > modify the security policy as they wish makes them next to useless.
I totally agree. Of course those 'orders' would need to go through some firewall-admin defined policy, before hitting netfilter/iptables. This is the job done by configuration of the upnp-daemon. > I disagree with this characterization. I have seen nothing to suggest > UPnP has anything to do with security but rather is about getting > access through firewalls. But this opinion is only based on what I > have read here. I have not read the UPnP spec. Feel free to correct > me if you know different. My impression is also that upnp has not the goal of securing anything. > Brian J. Murrell -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
msg00602/pgp00000.pgp
Description: PGP signature
