Reflections on Host Firewalls
RFC 7288, “Reflections on Host Firewalls”, is an Informational document published in June 2014 by D. Thaler. The canonical text is published by the RFC Editor.
Abstract
In today's Internet, the need for firewalls is generally accepted in the industry, and indeed firewalls are widely deployed in practice. Unlike traditional firewalls that protect network links, host firewalls run in end-user systems. Often the result is that software may be running and potentially consuming resources, but then communication is blocked by a host firewall. It's taken for granted that this end state is either desirable or the best that can be achieved in practice, rather than (for example) an end state where the relevant software is not running or is running in a way that would not result in unwanted communication. In this document, we explore the issues behind these assumptions and provide suggestions on improving the architecture going forward.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7288 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7287 Mobile Multicast Sender Support in Proxy Mobile IPv6 Domains
- RFC 7289 Carrier-Grade NAT Deployment with BGP/MPLS IP VPNs
- RFC 7286 Application-Layer Traffic Optimization Server Discovery
- RFC 7290 Test Plan and Results for Advancing RFC 2680 on the Standards Track
- RFC 7285 Application-Layer Traffic Optimization Protocol
- RFC 7291 DHCP Options for the Port Control Protocol
- RFC 7284 The Profile URI Registry
- RFC 7292 PKCS #12: Personal Information Exchange Syntax v1.1