On Thu, Oct 30, 2014 at 05:52:07PM +0100, Christoph Anton Mitterer wrote:
> - Debian should ship a default set of firewall rules. Are we the only
>   distro which doesn't do this? I mean a basic ruleset which drops
>   incoming, accepts outgoing and accepts related,established is so easy to
>   do... and it would help for all those cases where services are started
>   but not yet finally configured/secured by the admin.

Are all of our users admins that grasp firewalls?

That being said: Related is subject to debate. You also need to load the
appropriate modules that implement the connection tracking. Should we load
all of them by default? Just FTP? What about crazy RTSP clients? (AFAIK
there's still no sane conntracking for them in the kernel.)

I guess that's the kind of point Wouter tried to raise. Computers are still
a tool and we should not make it insanely difficult for users to figure out
what's broken because someone has a firewalling fetish.

Would we even standardize on a single framework? Of course not, we're
universal in ALL the things. Packages would need to be able to provide new
rules. What about you doing the work to provide such a framework first?

Kind regards
Philipp Kern
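
The ruleset discussed in this message, written out as an added nftables example; it is not part of the original thread and is not a Debian default. The table and chain layout, the helper name "ftp-std" and the choice to enable only the FTP helper are assumptions made for illustration. It shows why "related" is not self-contained: a data connection is only classified as related when a conntrack helper has been attached to the control connection.

```nftables
#!/usr/sbin/nft -f
# Added illustration (constructed for this page): drop incoming,
# accept outgoing, accept established/related.

table inet filter {
    # "related" only covers protocols whose conntrack helper is attached
    # to the flow. Declaring the helper here is what pulls in FTP tracking;
    # protocols without a declared helper get no "related" handling.
    ct helper ftp-std {
        type "ftp" protocol tcp
    }

    chain output {
        # priority 0 runs after conntrack (-200), which "ct helper set" needs
        type filter hook output priority 0; policy accept;

        # Attach the helper to outgoing FTP control connections so the
        # server's active-mode data connection is seen as "related".
        tcp dport 21 ct helper set "ftp-std"
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Local traffic on the loopback interface
        iif "lo" accept

        # Replies to connections this host opened, plus helper-tracked
        # secondary connections and related ICMP errors
        ct state established,related accept

        # IPv6 neighbour discovery; without it IPv6 stops working
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Everything else falls through to "policy drop". A service that
        # is started but has no accept rule here is unreachable.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
```

Running `nft -c -f` on the file parses and checks it without changing the live ruleset.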