[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why not have firewall rules by default?

If this is needed/wanted to Debian, no problems, but remember obscure isn't security. With fwbuilder, lokkit (Gnome), kmyfirewall (kde) etc is very easy made and maintain firewall/s at Linux and all of these are regular Debian packages. That is true at there should be more information about firewall possibilities example at http://www.debian.org/doc/manuals/securing-debian-howto/

I guess my point is if the 'iptables' package is installed by default on Debian, then better integration with Debian would probably be a good idea.

Why is iptables installed by default and why is there no debian way to load/save/unload the iptables rules without making your own init script? Why was the init script removed from Debian (security? no maintainer?)

I like Debian because it don't tried install for me selinux, firewalls and all bells and whistles. This isn't sometimes remember at some distributions :) I can choose myself which is suitable for me.
I agree; not having all the bells and whistles is good, but having choice is good too. No one (I hope) is complaining that after install ssh/apache a file is put in /etc/init.d and /etc/rc2.d. Or that services are starting by default when you install them.

The fact that a debian machine connected to the internet is vulnerable to attacks that have build-in protection on Linux/iptables is strange to me. It would be nice to be able to enable these settings so they stay after a reset via apt or the install.


Reply to: