
Re: secure installation



On Mon, Aug 20, 2007 at 09:04:18AM +0000, paddy@panici.net wrote:
> > I'm no security expert, but I would suggest that a benefit of
> > 'Personal' firewalls is the provision of a simple, systematic way of
> > restricting access to services.  Yes, many apps offer some way of doing
> > this, but remembering each one's different method of doing this can be
> > a headache.  I suppose one really should, for maximum security, but I
> > think there's still benefit in a simpler, consistent system.
> > Additionally, not all apps do this the same way; for example, sshd can
> > be configured to bind to a specific IP address, but what if the address
> > is unknowable in advance?  Can it be limited to a specific interface,
> > as can be accomplished with a firewall?  Even if the answer is yes, my
> > point about simplicity remains.
> > 
> > I may be off base here; I'm just expressing my (limited) understanding
> > of the issue.
> 
> no, you are bang on the mark!
> 
> absolutely spot on!
> 
> I can't help wondering if the problem is more one of the distro being
> able to solve the problem of how to supply an implementation, and I'm
> not sure how much further forward the conversation can move without
> getting its hands dirty.

IMHO the distro already solves the problem. See
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup
(more in depth at http://wiki.debian.org/Firewalls)

Each user has a different set of needs and Debian provides different
firewalling tools for each of them:

- Are you a novice user running GNOME: use firestarter
  (don't use gnome-lokkit, it's no longer developed)
- Are you a novice user running KDE: use guarddog or knetfilter
- Are you an admin that wants a nice interface: use shorewall, fwbuilder or
  firehol

As you have different tools to use you just have to select one and use it.
The default installation of the desktop environment does not install multiple
firewall frontends as they would conflict with each other. The user has to
make a decision as to which one they prefer to use (if any).

Regards

Javier
