
Re: Secure Installation



On Fri, Aug 17, 2007 at 03:04:42PM -0700, Jack T Mudge III wrote:
> On Thursday 16 August 2007 15:09, R. W. Rodolico wrote:
> > Unfortunately, I have to point to some of the
> > user oriented firewalls you get for windoze (which, to my knowledge, Linux
> > does not have). When they are installed, they shut down basically
> > everything incoming, and all but a few standard outgoing ports (http,
> > smtp, pop and imap). When an application tries to go out of another port,
> > a pop-up informs the user and they can choose to accept, accept or reject,
> > with a "forever" modifier on both, and the firewall changes its rules
> > appropriately.
> 
> The problem with these lies on 2 levels. The first is that all network traffic 
> would have to somehow be routed through this application, which in windows is 
> no big deal as all that is already in place. But we haven't installed that 
> infrastructure, so it would be tougher to get that running in the first 
> place. This is not a primary concern regarding the firewall, but it is an 
> issue if we do eventually decide to integrate a firewall like that.

Iptables can already do this, it can communicate with user-space
applications. There's just no desktop-oriented firewall application (that I
know of) that uses this feature.

Some applications (firestarter at least), however, do allow you to see the
firewall logs and enable/disable rules based on rejected traffic. Not very
intuitive, however, and no information of which process is responsible for
the outgoing communication or would receive the incoming communication.

Regards

Javier
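
The gap described in the message above (firewall logs that show rejected traffic but not the responsible process) can be seen in a small sketch, added here as an illustration and not part of the original post. The log lines, the "OUT-REJECT: " prefix, the socket-table snapshot and the inode-to-process map are all constructed; on a live system the map would come from the "socket:[inode]" links under /proc/<pid>/fd.

```python
import re

# Constructed iptables LOG lines for rejected outbound TCP (prefix is an assumption).
LOG_LINES = [
    "Aug 17 15:10:01 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.168.1.10 "
    "DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=6667 SYN",
    "Aug 17 15:10:07 host kernel: OUT-REJECT: IN= OUT=eth0 SRC=192.168.1.10 "
    "DST=198.51.100.9 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=8080 SYN",
]
# Constructed snapshot in /proc/net/tcp layout; only the first flow still has a socket.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A01A8C0:9CB0 057100CB:1A0B 02 00000001:00000000 01:00000064 00000000  1000        0 55501
"""
# Constructed inode -> (pid, command) map; the names are hypothetical.
SOCKET_OWNERS = {55501: (2314, "ircclient")}
LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP SPT=(\d+) DPT=(\d+)")

def hex_endpoint(ip, port):
    """Encode ip:port the way /proc/net/tcp prints it on a little-endian host."""
    octets = [int(o) for o in ip.split(".")]
    return "%02X%02X%02X%02X:%04X" % (*reversed(octets), int(port))

def socket_table(text):
    """Map (local, remote) hex endpoints to (uid, inode), skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:
            table[(f[1], f[2])] = (int(f[7]), int(f[9]))
    return table

def attribute(log_line, table, owners):
    """Join one log line to its socket owner; fields stay None if the socket is gone."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    src, dst, spt, dpt = m.groups()
    uid, inode = table.get((hex_endpoint(src, spt), hex_endpoint(dst, dpt)), (None, None))
    pid, comm = owners.get(inode, (None, None))
    return {"dst": f"{dst}:{dpt}", "uid": uid, "pid": pid, "comm": comm}

if __name__ == "__main__":
    for entry in LOG_LINES:
        print(attribute(entry, socket_table(PROC_NET_TCP), SOCKET_OWNERS))
```

The second line comes back with no owner because its socket no longer appears in the snapshot, so a log-driven tool cannot name the process after the fact.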
