Since we now see attacks coming from inside intranets, mounted through zombie networks (botnets), I think it would be a good idea to turn on the firewall on each machine in the network (including Windows workstations, which I know is sometimes a problem) and to set up a detailed rule set for each of them.
My problem was: how do you figure out the right rules for such a complex problem, with so many machines?
My suggestion: why not propose a standard for a single file that gives the positive rules (what must be allowed) needed for a piece of software to operate?
One file per application, shipped with the application, describing everything that needs to be open for the application to work. The file would not describe which rules to put on which firewall, but simply what needs to be open.
If we have a look at the TCP/IP layers, we see that simple firewalls operate on the Internet and Transport layers. Modern firewalls and proxies also operate on the Application layer.
I guess a simple XML dialect could be created to describe what needs to be let in and out, and on which layer. If this gets standardized, or at least written up as an RFC, there is a good chance that open source software would adopt it, on both the application and the firewall sides. In which case, since open source has the biggest market share in infrastructure, others should follow.
(All that raw and unrefined.)
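As an added illustration of the idea above (example code written for this page, not something the post or any project provides), here is a small translator: an application ships a manifest listing only what it needs open, and the host side renders that into rules for whichever firewall it runs. The `<netreq>` dialect, the element names and the sample service `examplesvc` are assumptions made for this example; the manifest is a closed vocabulary of positive requests, so a malformed or over-broad file is rejected rather than turned into a rule.

```python
"""Turn a per-application network-requirements manifest into host firewall rules.

Added example. The <netreq> XML dialect is a hypothetical format invented for this
illustration; it is not an existing standard and not something the blog post defines.
"""
import ipaddress
import xml.etree.ElementTree as ET  # for manifests from untrusted sources, prefer defusedxml

# Constructed sample manifest for a hypothetical service "examplesvc".
SAMPLE_MANIFEST = """<?xml version="1.0"?>
<netreq app="examplesvc">
  <listen proto="tcp" port="8443" comment="HTTPS API"/>
  <listen proto="udp" port="5353" comment="mDNS responder"/>
  <connect proto="tcp" port="5432" host="10.0.5.20" comment="PostgreSQL backend"/>
  <connect proto="udp" port="53" comment="DNS"/>
</netreq>
"""

ALLOWED_PROTOS = {"tcp", "udp"}


def parse_manifest(text):
    """Return (app_name, requirements).

    Each requirement is a dict: kind ('listen' = inbound, 'connect' = outbound),
    proto, port, host (IP or CIDR string, or None) and comment. Anything outside
    this positive, closed vocabulary raises ValueError, so a manifest can only ask
    for specific openings and never carries a raw rule string or a 'deny'.
    """
    root = ET.fromstring(text)
    app = root.get("app", "")
    if root.tag != "netreq" or not app:
        raise ValueError("root element must be <netreq app=...>")
    if not app.replace("-", "").replace("_", "").isalnum():
        raise ValueError("app name must be alphanumeric (plus '-' and '_')")
    reqs = []
    for el in root:
        if el.tag not in ("listen", "connect"):
            raise ValueError(f"unknown element <{el.tag}>")
        proto = el.get("proto", "").lower()
        if proto not in ALLOWED_PROTOS:
            raise ValueError(f"unsupported proto {proto!r}")
        try:
            port = int(el.get("port", ""))
        except ValueError:
            raise ValueError("port must be an integer") from None
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        host = el.get("host")
        if host is not None:
            # Only IP literals or CIDR blocks: a hostname would be resolved at rule
            # load time and silently change meaning later.
            ipaddress.ip_network(host, strict=False)
        comment = el.get("comment", "")
        if any(c in comment for c in '"\n'):
            raise ValueError("comment must not contain quotes or newlines")
        reqs.append({"kind": el.tag, "proto": proto, "port": port,
                     "host": host, "comment": comment})
    return app, reqs


def to_iptables(app, reqs):
    """Render iptables rule lines for a Linux host firewall.

    A default DROP policy on INPUT/OUTPUT is assumed to be set elsewhere; the
    manifest contributes only ACCEPT rules for new connections."""
    lines = []
    for r in reqs:
        tag = f'-m comment --comment "{app}: {r["comment"]}"'
        if r["kind"] == "listen":
            lines.append(f'-A INPUT -p {r["proto"]} --dport {r["port"]} '
                         f'-m conntrack --ctstate NEW {tag} -j ACCEPT')
        else:
            dst = f' -d {r["host"]}' if r["host"] else ""
            lines.append(f'-A OUTPUT -p {r["proto"]}{dst} --dport {r["port"]} '
                         f'-m conntrack --ctstate NEW {tag} -j ACCEPT')
    return lines


def to_netsh(app, reqs):
    """Render the same requirements as Windows 'netsh advfirewall' commands."""
    lines = []
    for r in reqs:
        direction = "in" if r["kind"] == "listen" else "out"
        cmd = (f'netsh advfirewall firewall add rule name="{app}: {r["comment"]}" '
               f'dir={direction} action=allow protocol={r["proto"]} ')
        if r["kind"] == "listen":
            cmd += f'localport={r["port"]}'
        else:
            cmd += f'remoteport={r["port"]}'
            if r["host"]:
                cmd += f' remoteip={r["host"]}'
        lines.append(cmd)
    return lines


if __name__ == "__main__":
    app, reqs = parse_manifest(SAMPLE_MANIFEST)
    print("\n".join(to_iptables(app, reqs)))
    print("\n".join(to_netsh(app, reqs)))
```

The manifest says nothing about the firewall it lands on; the two renderers are the per-platform part, which is the split the post argues for. Validation happens once, in the parser, so every renderer works from the same checked data and a bad manifest fails before any rule is produced.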
Showing posts with label firewall. Show all posts
Friday, June 26, 2009
Friday, January 16, 2009
A firewall is not a security device
If you want to filter things intelligently, you are doing security.
If you review your filtering policies regularly, you are doing security.
But a simple firewall, which typically drops packets going to some ports, is no security device. It's just part of shaping the network. It deals with the normal use of the network; it doesn't help with the following:
- Confidentiality: think of all the opportunities to sidestep a firewall... the tunnels, the vulnerabilities in the servers and, of course, HTTP traffic itself, which is the biggest threat to confidentiality.
- Integrity.
- Availability: it will not help you against DoS attacks, nor against hardware failures...