Re: Why not have firewall rules by default?
* Ondrej Zajicek:
>> You could also have an 'ENABLED' variable like some files in
>> /etc/default have (so that ports wouldn't be opened by default; the
>> user would have to manually enable them for the port to be opened).
>
> Better way is just not start that daemon.
The daemon might have been installed by a package dependency, more or
less by accident. Debian should have a policy that all daemons bind to
the loopback interface by default, but as long as this is not the case,
I can understand why people put paket filters on hosts as a safety net.
On the other hand, at this stage, it's very difficult for Debian as a
distribution to choose what firewall scripting framework should be used.
(But I don't think this is worth the effort.)
Reply to: