<br><br><div><span class="gmail_quote">On 2/20/07, <b class="gmail_sendername">Simon Budig</b> <<a href="mailto:simon@budig.de">simon@budig.de</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I guess you are missing the point here: Usually a nokia tablet does not<br>have internet services running. Asking for iptables is like asking for a<br>padlock, when your house does not have any doors. In that case the lock
<br>would not at all improve the security.</blockquote><div><br>The internet tablet runs an Xserver for one. Use nmap on your PC to scan your Nokia. It has open ports. Marius had specifics earlier.<br><br>Regardless, people /are/ running additional services on their devices. I run xserver--which has no security except it only runs when I tell it to--as well as privoxy, and openssh. Yes, I have the latter two packages set to only allow connections from localhost, but what if there's a bug that allows remote hosts under some situations; buffer overflows, for example. If I had iptables I could also specify that to drop packets from untrusted sources.
<br></div><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">So far you have not yet specified *why* having iptables on the device<br>would help with the security.
</blockquote><div><br>Umm.. Because it's a firewall. That's the purpose of a firewall: to improve security. Can you think of anyway it might harm security? Or any harm it might do aside from making the kernel a little larger? IMHO, anything internet connected should have some sort of firewall. Since we have a Linux kernel, it would make most sense to have iptables.
<br></div><br>And that's all I'm going to say. It looks like this is about to turn into a flame war, so I'm stepping out. Cheers!<br><br>--Paul<br></div><br>