On 16.7.2011 19:37, Ljubomir Ljubojevic wrote:
Markus Falb wrote:
On 16.7.2011 19:03, Ljubomir Ljubojevic wrote:
All firewalls (on Linux at least) are by default closed, and you need knowledge to punch through the wholes for your public services.
This is complete nonsense! You are free to configure a default policy of accept and forbid only selected services.
Please do not pull sentences out of context. Keith wrote:
Which is why one poster mentioned that you need to be familiar with IPtables and Networking before trying to make your machine(s) network(s) secure?
and I replied in the sense that he only needs to turn his firewall ON to be secure. "by default" means exactly that, I was not writing about you being able to change *default* configuration!
If you turn firewall ON (in GUI for example, and especially in RHEL/CentOS ), without any allowed service, your system/network will be protected. If you do allow some services, the rest of the services on your system/network will be protected.
So now you are talking about turning firewall on yourself manually (in GUI for example) ? Uh, not my definition of default.
Anyway, problem here might be that the term "default" is overloaded. You were talking of defaults in linux firewalls generally. Now you are talking about default behaviour of some tools not further specified. I remember third party tools like shorewall beeing mentioned and there exist others like fwbuilder and possibly others that you and I never heard of and possibly with unheard default settings. But you could also refer to a "default install". With respect to RHEL/CentOS you are talking about anaconda only then.
With anaconda one can miss to enable firewall easily. On could get hands on a already installed system. Imagine there is no iptables installed. How do you activate firewall ? Something like that ?
# yum install iptables # service iptables start
What have you now ? Nothing. Default policies (finally we have another meaning of default) with ACCEPT and no rules. One has to do rules himself. No defaults.