[UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

Harald Welte laforge@gnumonks.org
Mon, 8 Apr 2002 11:16:38 +0200 

--0IvGJv3f9h+YhkrH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 07, 2002 at 06:28:01PM -0400, Brian J. Murrell wrote:
> On Sun, Apr 07, 2002 at 03:33:23PM +0200, Henrik Nordstrom wrote:
> >=20
> > A firewall who gives no access is very effective, but not likely to=20
> > make you very famous as it also inhibits any communication to take=20
> > place.
>=20
> Understood.  But a firewall that takes "orders" as to what to open and
> close without and understanding of what it's for is next to useless.
> Firewalls are put in place precisely because OSes and applications
> cannot be trusted on the network.  To then give them the permission to
> modify the security policy as they wish makes them next to useless.

I totally agree.  Of course those 'orders' would need to go through some
firewall-admin defined policy, before hitting netfilter/iptables.

This is the job done by configuration of the upnp-daemon.=20

> I disagree with this characterization.  I have seen nothing to suggest
> UPnP has anything to do with security but rather is about getting
> access through firewalls.  But this opinion is only based on what I
> have read here.  I have not read the UPnP spec.  Feel free to correct
> me if you know different.

My impression is also that upnp has not the goal of securing anything.

> Brian J. Murrell



--=20
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+=
=20
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

--0IvGJv3f9h+YhkrH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8sV/2XaXGVTD0i/8RAqj6AJ9ThO9l0DAjyQvUcKzfSaEy3wRRRgCfR7ul
6oy7kd8a3muCmcsGmsDjaAM=
=kurm
-----END PGP SIGNATURE-----

--0IvGJv3f9h+YhkrH--