I'll agree that if your system doesn't have ports open by default then you're fine, but if for instance your package manager pulls in mysql or postfix or similar as a dependency for some package that doesn't really need it to use its network capabilities then having the ability to turn on a firewall in public wifi networks for instance that blocks all traffic to those services would be a bonus, in my opinion. Also, you're right, firewall vendors try to push everyone to have a firewall and so, as a result, a lot of users aren't happy with the idea that there is no firewall on their system because they have been indoctrinated into the idea that they must have one ;)
2009/6/22 Marc Herbert <[email protected]>

> Hi Graham,
>
> Graham Lyon wrote:
> > Firewalls, for the average end user, should "just work". A great many linux
> > distros don't come with a firewall configured by default and there is no
> > default mechanism for interfacing with a firewall and opening ports etc for
> > any software to use.
>
> The reason for this by the way, is that most Linux distros do not need
> a firewall at all. That is because unlike other systems, they are not
> insecure by default. I mean that most desktop distros do not have a
> number of useless and insecure daemons listening to the network by
> default. When ports are already closed by default then you obviously
> do not need the complexity of a firewall to "double-close" them!
>
> Sorry for ranting but I am a bit tired of the "everyone needs a
> firewall" bullshit. That is simply wrong (and probably pushed very
> hard by firewall vendors). Closer to the truth is: "everyone running a
> system insecure by default needs a firewall patch on top of it".
>
> So, while the average desktop Linux user simply does not need a
> firewall and is more than happy with the best firewall interface ever
> invented (= no firewall at all) *some* other users might need a
> firewall and would certainly find useful what you are suggesting. Good
> luck.
>
> Cheers,
>
> Marc
>
>
> PS: I have left for years a Windows 2000 system on-line without any
> firewall and without any problem. BUT I had explicitly disabled most
> network services beforehand. It was shamelessly far from easy to
> achieve, see for instance this:
> http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
>
> _______________________________________________
> NetworkManager-list mailing list
> [email protected]
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
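Both messages turn on whether a host really has no network-reachable listeners, for instance after a package pulls in mysql or postfix as a dependency. The following check is an added example, not part of the thread: it parses `/proc/net/tcp`-format text and reports TCP listeners bound to anything other than loopback. It assumes a little-endian Linux host and IPv4 only (`/proc/net/tcp6` is not covered); the sample table and function names are constructed for illustration.

```python
import ipaddress
import os
import struct

TCP_LISTEN = 0x0A  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# mysqld on 0.0.0.0:3306, an MTA on 127.0.0.1:25, one established client socket.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   115        0 11111
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0501A8C0:D431 0100A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a host-order integer; on a
    # little-endian host (assumed here) the bytes appear reversed.
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.IPv4Address(packed), int(port_hex, 16)

def exposed_listeners(proc_net_tcp_text):
    """Return sorted (address, port) pairs listening beyond loopback."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # not a listening socket
        addr, port = decode_endpoint(cols[1])
        if not addr.is_loopback:
            found.append((str(addr), port))
    return sorted(found)

if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE  # fall back to the constructed sample off Linux
    for addr, port in exposed_listeners(text):
        print(f"listening beyond loopback: {addr}:{port}")
```

An empty result supports the "ports already closed" position for TCP over IPv4; any line printed is a service that a firewall on an untrusted network would otherwise have to cover.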
