Search RFCs
RFC 7288
Reflections on Host Firewalls,June 2014
- File formats:
- Status:
- INFORMATIONAL
- Author:
- D. Thaler
- Stream:
- IAB
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7288
Discuss this RFC: Send questions or comments to the mailing listiab@iab.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7288
Abstract
In today's Internet, the need for firewalls is generally accepted inthe industry, and indeed firewalls are widely deployed in practice.Unlike traditional firewalls that protect network links, hostfirewalls run in end-user systems. Often the result is that softwaremay be running and potentially consuming resources, but thencommunication is blocked by a host firewall. It's taken for grantedthat this end state is either desirable or the best that can beachieved in practice, rather than (for example) an end state wherethe relevant software is not running or is running in a way thatwould not result in unwanted communication. In this document, weexplore the issues behind these assumptions and provide suggestionson improving the architecture going forward.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.