Re: Release update
Steve Kemp wrote:
> On Mon, Mar 29, 2004 at 08:26:06PM +0200, Thiemo Seufer wrote:
>
> > > Having iptables or ipchains installed as part of the base install
> > > would be good - but I'm suggesting that we have some default rules,
> > > such as accepting only local connections to all services.
> >
> > Which would AFAIK immediately kill the s390 installer, which runs over
> > ssh. I have yet to see a rule set which works decently everywhere.
>
> Sure, some people are going to have different needs, but I think
> that disabling incoming connections unless explicitly enabled would
> be a proactive step for the distribution.
I disagree. If you don't want to use a network service, then don't
install it in the first place, or bind it to a local port.
> If there is one arch which wouldn't allow this then fair enough
> disable it for that one, I don't think that is a sufficiently good
> argument for disabling it for all though.
It was just an example. The same goes for every remote box which is
updated via network.
Thiemo
Reply to: