[UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux
Mon, 8 Apr 2002 11:16:38 +0200
Content-Type: text/plain; charset=us-ascii
On Sun, Apr 07, 2002 at 06:28:01PM -0400, Brian J. Murrell wrote:
> On Sun, Apr 07, 2002 at 03:33:23PM +0200, Henrik Nordstrom wrote:
> > A firewall who gives no access is very effective, but not likely to=20
> > make you very famous as it also inhibits any communication to take=20
> > place.
> Understood. But a firewall that takes "orders" as to what to open and
> close without and understanding of what it's for is next to useless.
> Firewalls are put in place precisely because OSes and applications
> cannot be trusted on the network. To then give them the permission to
> modify the security policy as they wish makes them next to useless.
I totally agree. Of course those 'orders' would need to go through some
firewall-admin defined policy, before hitting netfilter/iptables.
This is the job done by configuration of the upnp-daemon.=20
> I disagree with this characterization. I have seen nothing to suggest
> UPnP has anything to do with security but rather is about getting
> access through firewalls. But this opinion is only based on what I
> have read here. I have not read the UPnP spec. Feel free to correct
> me if you know different.
My impression is also that upnp has not the goal of securing anything.
> Brian J. Murrell
Live long and prosper
- Harald Welte / firstname.lastname@example.org http://www.gnumonks.org/
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+=
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----