On Wed, May 22, 2002 at 03:18:45PM +0200, Peter Mathiasson wrote: > On Wed, May 22, 2002 at 02:54:00PM +0200, Jeroen Dekkers wrote: > > No, at least my philosophy is "you do something the right way or you > > don't do it at all". But we already have ripped the Linux TCP/IP stack > > For some reason, you also seem to believe that _everyone_ should think > that your solution is the right way. > So, it's your way or no way. No, that's the other side of the argument. The "no host-based firewall" side still allows external firewalls, disconnected operation, security through turning off crap you don't need, application-level acl's, etc.--but lots of alternative solutions. It's the "firewalls are a requirement for something to be in debian" school of thought that's "your way or no way." (Truely ironic since debian doesn't use firewalls by default, and doesn't have any immediate plans for a release with the "iptables-style firewalling" mentioned at one point to be included in a default kernel.) -- Mike Stone
Attachment:
pgpwaIKvkf0H6.pgp
Description: PGP signature