On Mon, Mar 29, 2004 at 07:01:59PM +0100, Steve Kemp wrote: > On Mon, Mar 29, 2004 at 07:50:05PM +0200, Josip Rodin wrote: > > > > Without wanting to cause another flamewar on debian-devel what > > > are the chances that we could get some kind of firewall installed > > > within the base system in time for a new release? > > > > iptables is of important priority? > > Having iptables or ipchains installed as part of the base install > would be good - but I'm suggesting that we have some default rules, > such as accepting only local connections to all services. Iptables is, or at least I think it is. However, the maintainer, in response to #212692, said: "iptables is not a firewall." Feel free to reopen that bug report, if firewall configuration should be part of the base install, it should be done by a good default rule in the iptables scripts. IMHO that would prevent people from shooting themselves in the foot because they do not know their way around Debian. An example of that is the fact that many will still install network services without wanting them to be installed. [1] Regards Javi [1] This was the case of the 'standard' network services (portamap, nfs-common) in woody, don't know about sarge though since installation-reports don't include information of network services installed in the system.
Attachment:
signature.asc
Description: Digital signature