On Thu, Oct 30, 2014 at 05:52:07PM +0100, Christoph Anton Mitterer wrote:
> - Debian should ship a default set of firewall rules. Are we the only
> distro which doesn't do this? I mean a basic ruleset which drops
> incoming, accepts outgoing and accepts related,established is so easy to
> do... and it would help for all those cases where services are started
> but not yet finally configured/secured by the admin.

Are all of our users admins that grasp firewalls? That being said: Related is
subject to debate. You also need to load the appropriate modules that implement
the connection tracking. Should we load all of them by default? Just FTP? What
about crazy RTSP clients? (AFAIK there's still no sane conntracking for them in
the kernel.)

I guess that's the kind of point Wouter tried to raise. Computers are still a
tool and we should not make it insanely difficult for users to figure out
what's broken because someone has a firewalling fetish. Would we even
standardize on a single framework? Of course not, we're universal in ALL the

Packages would need to be able to provide new rules.  What about you doing the
work to provide such a framework first?

Kind regards
Philipp Kern

