Re: Release update

To: debian-devel@lists.debian.org
Subject: Re: Release update
From: Steve Kemp <skx@debian.org>
Date: Mon, 29 Mar 2004 19:54:52 +0100
Message-id: <[🔎] 20040329185452.GB4006@steve.org.uk>
Reply-to: Steve Kemp <skx@debian.org>
In-reply-to: <[🔎] 20040329182606.GA13590@rembrandt.csv.ica.uni-stuttgart.de>
References: <20040329144022.GA24540@riva.ucam.org> <[🔎] 20040329152459.GA27437@steve.org.uk> <[🔎] 20040329175005.GC17981@keid.carnet.hr> <[🔎] 20040329180159.GA1809@steve.org.uk> <[🔎] 20040329182606.GA13590@rembrandt.csv.ica.uni-stuttgart.de>

On Mon, Mar 29, 2004 at 08:26:06PM +0200, Thiemo Seufer wrote:

> >   Having iptables or ipchains installed as part of the base install
> >  would be good - but I'm suggesting that we have some default rules,
> >  such as accepting only local connections to all services.
> 
> Which would AFAIK immediately kill the s390 installer, which runs over
> ssh. I have yet to see a rule set which works decently everywhere.

  Sure, some people are going to have different needs, but I think
 that disabling incoming connections unless explicitly enabled would
 be a proactive step for the distribution.

  If there is one arch which wouldn't allow this then fair enough 
 disable it for that one, I don't think that is a sufficiently good
 argument for disabling it for all though.

Steve
--

Reply to:

Follow-Ups:
- Re: Release update
  - From: Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>

References:
- Re: Release update
  - From: Steve Kemp <skx@debian.org>
- Re: Release update
  - From: Josip Rodin <joy@srce.hr>
- Re: Release update
  - From: Steve Kemp <skx@debian.org>
- Re: Release update
  - From: Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>

Prev by Date: Re: Release update
Next by Date: unstable in the middle of the Bokmal transition?
Previous by thread: Re: Release update
Next by thread: Re: Release update
Index(es):
- Date
- Thread