stateful firewall (was: Automatic Firewall)
Dax Kelson
dax at gurulabs.com
Sat Jan 10 23:52:21 UTC 2004
On Sat, 2004-01-10 at 15:21, Riku Meskanen wrote:
> BTW, I've been wondering loooong time why default FW has not
> been stateful?
[snip]
> Any reason not to ship a stateful filter by default? It would
> make people with less experience with networking easier to get
> things working out of box and withouth necessarily punching silly
> holes in initscripts and like. (Haven't looked recently if those
> are still there ...)
>
> Above template allows directly to client use DHCP, NTP, NFS, etc.
> without a single line modification. Only the incoming connections need
> to be customized and ONLY in server use and providing services to
> other computers, workstations do not necessarily need to be touched.
> A simple python/perl script could do that if nothing else.
>
> Any plans yet?
I felt the same and submitted patches in Aug 2003.
Fedora Core v1 and Red Hat Enteprise Linux v3 both create stateful
firewalls by default. No breakage for locally initiated connections. Big
improvement over RHL9 and earlier.
Didn't you read the Release Notes?
Dax Kelson
Guru Labs
More information about the fedora-devel-list
mailing list