Re: application level firewalling in linux?(was:ipchains...masq..spyware)
wsa <wsa@hotpop.com> writes:
wsa> My question was about linux and how to accomplish security
wsa> on application level, like what happens in windows with a personal
wsa> firewall.
wsa> Because i don't understand how i can achieve full security when opening
wsa> ports...like port 80 for the web or 110 and so on.
What behavior do Windows "personal firewalls" have that you'd like to
replicate? [1] What are you trying to protect yourself from -- what
entails "full security" on an arbitrary outgoing HTTP connection?
(And, have you read the Firewall-HOWTO? It looks informative, if a
bit political at times.)
[1] The people I talk to regularly seem convinced that the primary
purpose of this sort of software is to generate extra calls to various
institutions' technical support lines; the answer to "why are you
attacking my machine" seems to always be "because you're running
broken software that doesn't correctly do TCP" or "because you're
running broken software that's configured to get NTP information from
our Web server by default for no terribly good reason".
--
David Maze dmaze@debian.org http://people.debian.org/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
Reply to: