[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: default firewall utility changes for Debian 11 bullseye

On Wed, Jul 31, 2019 at 12:27 PM Scott Kitterman <debian@kitterman.com> wrote:
>
> Please don't install one by default.  I suspect it will cause more trouble for end users than it's worth.  Making sure our default install is severely limited in what ports it listens to is likely more broadly useful and less risky.
>

I agree, we should mitigate risks by keeping open ports as restricted
as possible by default. But it could be useful for higher level
tasksel tasks or meta packages to pull in a firewall configuration
utility (for instance, firewalld) for certain use cases, i.e. it could
be useful for a "standard" server installation with graphic desktop,
for which we could expect most users choosing this method would like
to have advanced firewalling as an enterprise feature to have
out-of-box.

Cheers,
Aron

P.S. I know there is no such a thing called "standard" installation in
Debian, but only referring the name for the sense of RHEL's default
installation entries.
Reply to: