[ros-general] Re: TDI-Based Open Source Personal Firewall

Michael B. Trausch fd0man at gmail.com
Tue Nov 15 02:56:08 UTC 2005 

crashfourit wrote:
> 
> I would say that the firewall needs to be integrated with the TCP/IP 
> stack and the network API.  This could give better protection for the
>  end user, but it could come with a curse. To do this, we would need
> to make sure that eliminate, as much as possible, the possibility of
> double free and buffer overflow attacks. Also, there need to be an
> option to log were all the traffic is coming from or going to. In
> addition, it needs filter, including incoming traffic, outgoing
> traffic. Also, it need to be able to destignuish between trusted
> addapters and non-trusted addapter with various levels between them.
> It would also be nice to have the option to filter out most
> everything when the screensaver is on or after a certain user
> inactivity period.
> 

I don't know about that idea, really.  It pretty well completely
undermines the ability of the user to make the choice, even if they are
making a completely unreasonable one.  It's the style of forcing things
down one's neck that I just really don't get.

Other operating systems have this sort of thing built into their
kernels, such as Linux and *BSD, but it's not something that has ever
really been built-in to the Windows kernel, and various vendors have
created their custom, third-party solutions to that.  I think that
perhaps the ROS firewall should be something that could be installed in
the Add/Remove Components control panel, like you can add/remove
features to/from Windows using.  I don't think it'd actually be a bad
idea to do that with a lot of things that ReactOS could come "out of the
box" with.  That helps do something that's great:  Give the end-user a
choice.  If the end-user doesn't want to run the ReactOS optimized web
server or the ReactOS firewall, they don't have to.  They can use
anything that they want in its place.

	- Mike

-- 
Michael B. Trausch                                      fd0man at gmail.com
AIM: MB Trausch                             Jabber:  mtrausch at jabber.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://reactos.org/pipermail/ros-general/attachments/20051114/08746d52/attachment.sig>

More information about the Ros-general mailing list