On Mon, Mar 29, 2004 at 09:05:33PM +0200, Marco d'Itri wrote: > On Mar 29, Steve Kemp <skx@debian.org> wrote: > > > For example portmap, nfs-server, etc. I am sure that these services > > are secure but as a matter of principle I believe that nothing should > > be open unless it is explicitly enabled. > > > > That's why I would be pleased if we could offer a firewall question > > in the base installer, or install someting by default. > This can easily be controlled with tcpd. Funny. As with Steve's example, we don't enforce any policy regarding tcp. We used to have a "PARANOID" one, but now we don't even do that. It could be easily controlled with tcpd if the maintainer cared to apply the patch [1] available in #62145 (which I've been holding myself to not NMU). Yes, it would introduce yet another debconf question on the default installation, sorry Joey. Regards Javier [1] Slightly tested by myself
Attachment:
signature.asc
Description: Digital signature