RFC 7288

Reflections on Host Firewalls, June 2014

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Author:
D. Thaler
Stream:
IAB

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7288

Discuss this RFC: Send questions or comments to the mailing list iab@iab.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7288


Abstract

In today's Internet, the need for firewalls is generally accepted in the industry, and indeed firewalls are widely deployed in practice. Unlike traditional firewalls that protect network links, host firewalls run in end-user systems. Often the result is that software may be running and potentially consuming resources, but then communication is blocked by a host firewall. It's taken for granted that this end state is either desirable or the best that can be achieved in practice, rather than (for example) an end state where the relevant software is not running or is running in a way that would not result in unwanted communication. In this document, we explore the issues behind these assumptions and provide suggestions on improving the architecture going forward.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search