On Wed, 2008-08-27 at 16:15 -0700, Darren Reed wrote:
> Bill, my thoughts on this are that this project is primarily aimed
> at delivering access control for running network services, rather
> than being a network firewall per se - if you like, this project is
> more concerned with being a host based firewall and not a
> network chokepoint.

That this is aimed at a "host firewall" use case was quite clear from the spec. The very nature of firewalls -- host, or network -- is that they must occupy some sort of chokepoint between entities which need protection and the big bad internet. If they can be bypassed, they don't do any good.

> But that said, the greater question you've asked is a good one:
> is it an acceptable policy to allow service administrators, rather
> than a host administrator to control network access to a service?

Unless I'm mistaken, the spec as written would allow *any* service administrator to inject essentially arbitrary rules into the global ipf.conf.

> I suppose the question you're asking is what if the systems policy
> is to allow delegation of the control of the services but not control
> over network access to the services? Is that just a simple matter
> of more ownership/access rights on the various SMF properties?

The spec does not talk about such matters.

> But if there is an overall policy that should be applied instead,
> like you are suggesting, then my take on this is that it falls outside
> of what this project is delivering.

So this project is just intended to provide the impression of security without actually providing any real controls on traffic flow?