
Re: Why not have firewall rules by default?



* Ondrej Zajicek:

>> You could also have an 'ENABLED' variable like some files in
>> /etc/default have (so that ports wouldn't be opened by default; the
>> user would have to manually enable them for the port to be opened).
>
> A better way is just to not start that daemon.

The daemon might have been installed by a package dependency, more or
less by accident.  Debian should have a policy that all daemons bind to
the loopback interface by default, but as long as this is not the case,
I can understand why people put packet filters on hosts as a safety net.

On the other hand, at this stage, it's very difficult for Debian as a
distribution to choose what firewall scripting framework should be used.
(But I don't think this is worth the effort.)

