Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
>>> - Debian should ship a default set of firewall rules. Are we the only
>>> distro which doesn't do this? I mean a basic ruleset which drops
>>> incoming, accepts outgoing and accepts related,establised is so easy to
>>> do... and it would help for all those cases where services are started
>>> but not yet finally configured/secured by the admin.
>> Are all of our users admins that grasp firewalls?
> Most likely not, and therefore I agree that with the current state of
> affairs, enabling a firewall on Debian by default is probably a bad idea.
One could also interpret this the other way - since many people don't
know how to manually configure a firewall, there should be something
there per default that protects them.
> However, it should be possible to create a tool which helps novice users
> in managing their firewall, and such a tool could be installed by
> default on at least a Desktop installation. If we go down that route,
> and if said tool is easy enough to use and understand for the most
> novice of users, I would absolutely agree that enabling a firewall with
> this tool on default installations is desirable.
There's firewalld that integrates into NetworkManager - at last for
Desktops using the latter (KDE, Gnome, Xfce, probably more) that may be
a sensible choice. I didn't have a closer look at it yet, though.