On Monday 20 August 2007 10:47, alex black wrote:
> > thus defeat the purpose). A default firewall simply can't work,
> > even if we had some way to implement it perfectly for all packages
> > (without breaking any, which we undoubtedly would).
>
> It all depends on context - I agree that a default firewall for
> "debian" is stupid, but if you look at the way an OpenBSD box looks
> when the default install is done, that is my ideal. I happen to
> prefer the way things generally are done in debian, but on the initial
> install, OpenBSD whips any other OS I've seen. It has pf on by
> default and only allows SSH connections. Ideal.
>
> Would that be a good idea for a workstation? No - nightmare. Is it a
> good idea for a server? Yes absolutely. Servers, unless they are
> packaged appliance distros or subdistros, should always have the bare
> minimum of services and allow SSH only by default.
>
> $.000002
>
> _a
>
> --
> alex black, founder
> the turing studio, inc.

I apologize if what I meant was clear. I declined to include the word 'debian' here, because the context is clear from previous posts in the thread.

Excellent point, though. Workstations don't need a firewall. Servers probably do. I don't disagree (I wholly agree, actually). However, the typical server is set up by someone who knows what they're doing (not someone who would need help setting up a firewall), and has specific requirements.

My intention wasn't to say a default firewall can never work, but that it can't work for debian, given the community/ideology and existing user-base surrounding it.

--
Sincerely,
Jack
firstname.lastname@example.org

My GPG Public Key can be found at:
https://www.theanythingbox.com/pgp.htm (top link is current)

I appreciate signatures, but if you only know me online, please use the --lsign-key, not the --sign-key. I appreciate trust -- but too much makes it less valuable.