
Reflections on Host Firewalls (RFC7288)
Disclosure Number: IPCOM000237584D
Original Publication Date: 2014-Jun-01
Included in the Prior Art Database: 2014-Jun-25
Document File: 26 page(s) / 29K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Thaler: AUTHOR


[BLOCK-FILTER] discusses the issue of blocking or filtering abusive or objectionable content and communications, and the effects on the overall Internet architecture. This document complements that discussion by focusing on the architectural effects of host firewalls on hosts and applications.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 9% of the total text.

Internet Architecture Board (IAB)                              D. Thaler
Request for Comments: 7288                                     Microsoft
Category: Informational                                        June 2014
ISSN: 2070-1721

                      Reflections on Host Firewalls


   In today's Internet, the need for firewalls is generally accepted in the industry, and indeed firewalls are widely deployed in practice.  Unlike traditional firewalls that protect network links, host firewalls run in end-user systems.  Often the result is that software may be running and potentially consuming resources, but then communication is blocked by a host firewall.  It's taken for granted that this end state is either desirable or the best that can be achieved in practice, rather than (for example) an end state where the relevant software is not running or is running in a way that would not result in unwanted communication.  In this document, we explore the issues behind these assumptions and provide suggestions on improving the architecture going forward.

Status of This Memo

   This document is not an Internet Standards Track specification; it is published for informational purposes.

   This document is a product of the Internet Architecture Board (IAB) and represents information that the IAB has deemed valuable to provide for permanent record.  It represents the consensus of the Internet Architecture Board (IAB).  Documents approved for publication by the IAB are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at

Thaler                        Informational                     [Page 1]
RFC 7288                     Host Firewalls                    June 2014

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  Firewall Rules
   3.  Category 1: Attack Surface Reduc...