Re: secure installation
-----BEGIN PGP SIGNED MESSAGE-----
thus defeat the purpose). A default firewall simply can't work,
even if we
had some way to implement it perfectly for all packages (without
any, which we undoubtedly would).
It all depends on context - I agree that a default firewall for
"debian" is stupid, but if you look at the way an OpenBSD box looks
when the default install is done, that is my ideal. I happen to
prefer the way thing generally are done in debian, but on the initial
install, OpenBSD whips any other OS I've seen. It has pf on by
default and only allows SSH connections. Ideal.
Would that be a good idea for a workstation? No - nightmare. Is it a
good idea for a server? Yes absolutely. Servers, unless they are
packaged appliance distros or subdistros, should always have the bare
minimum of services and allow SSH only by default.
alex black, founder
the turing studio, inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
-----END PGP SIGNATURE-----