{"draft":"draft-iab-host-firewalls-04","doc_id":"RFC7288","title":"Reflections on Host Firewalls","authors":["D. Thaler"],"format":["ASCII","HTML"],"page_count":"13","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IAB","abstract":"In today's Internet, the need for firewalls is generally accepted in\r\nthe industry, and indeed firewalls are widely deployed in practice.\r\nUnlike traditional firewalls that protect network links, host\r\nfirewalls run in end-user systems.  Often the result is that software\r\nmay be running and potentially consuming resources, but then\r\ncommunication is blocked by a host firewall.  It's taken for granted\r\nthat this end state is either desirable or the best that can be\r\nachieved in practice, rather than (for example) an end state where\r\nthe relevant software is not running or is running in a way that\r\nwould not result in unwanted communication.  In this document, we\r\nexplore the issues behind these assumptions and provide suggestions\r\non improving the architecture going forward.","pub_date":"June 2014","keywords":["Filter","Filtering"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7288","errata_url":null}