
Re: Why not have firewall rules by default?



On Wednesday, 23 January, Florian Weimer typed the following:

> * Ondrej Zajicek:

> >> You could also have an 'ENABLED' variable like some files in
> >> /etc/default have (so that ports wouldn't be opened by default; the
> >> user would have to manually enable them for the port to be opened).

> > Better way is just not start that daemon.

> The daemon might have been installed by a package dependency, more or
> less by accident.  Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can understand why people put packet filters on hosts as a safety net.

This might be a good idea, but on the other hand if you install packages
you should have a look at what is installed and deactivate it or cut it off
the net if you don't want it.
IMO this is the task of the user/admin, not the distro.

> On the other hand, at this stage, it's very difficult for Debian as a
> distribution to choose what firewall scripting framework should be used.
> (But I don't think this is worth the effort.)

ACK
I think this kind of preseeded firewall would be the first thing
experienced users would kick away as it most probably would be
annoying for them.

Ciao
Max
-- 
	Follow the white penguin.
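
Added example, not part of the original message or of any Debian tooling: the check this thread turns on, whether an installed daemon listens only on loopback or on a reachable address, can be read from the kernel's socket table. The sketch parses text in `/proc/net/tcp` layout; the sample table is constructed, the function names are hypothetical, and it assumes IPv4 on a little-endian host.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (trailing columns omitted);
# not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000
   1: 00000000:0016 00000000:0000 0A 00000000:00000000
   2: 0A00A8C0:0050 00000000:0000 0A 00000000:00000000
   3: 0100007F:0019 0100007F:C350 01 00000000:00000000
"""

TCP_LISTEN = "0A"  # state code the kernel prints for LISTEN


def parse_listeners(text):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # Assumption: little-endian host, so the hex word is byte-reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        listeners.append((ip, int(port_hex, 16)))
    return listeners


def exposed_listeners(text):
    """Listeners not bound to 127.0.0.0/8, i.e. reachable from other hosts."""
    return [(ip, port) for ip, port in parse_listeners(text)
            if not ipaddress.ip_address(ip).is_loopback]


if __name__ == "__main__":
    # On a Linux host, replace the sample with open("/proc/net/tcp").read().
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listening on non-loopback address {ip}:{port}")
```

A wildcard bind (`0.0.0.0`) is reported as exposed because it accepts connections on every interface.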