Re: Release update
On Mon, Mar 29, 2004 at 07:52:45PM +0100, Zefram wrote:
> That would be a really bad idea. Having the services only accept local
> connections would make some sense, but crippling the networking is not
> a good default.
"Crippling" seems to be a harsh assessment.
However going the other way and setting up all networking packages
_by default_ to bind to only the local interface would be an acceptible
alternative.
The attraction of a firewalling-by-default approach would be that
only one additional new package must be added, rather than updating
all the networking packages. (mysql, postgres, apache, bind, etc).
Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/
Reply to: