Re: Why not have firewall rules by default?
Am Wednesday, den 23 January hub Florian Weimer folgendes in die Tasten:
> * Ondrej Zajicek:
> >> You could also have an 'ENABLED' variable like some files in
> >> /etc/default have (so that ports wouldn't be opened by default; the
> >> user would have to manually enable them for the port to be opened).
> > Better way is just not start that daemon.
> The daemon might have been installed by a package dependency, more or
> less by accident. Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can understand why people put paket filters on hosts as a safety net.
This might be a good idea, but on the other hand if you install packages
you should have a look what is installed and deactivate it or cut it of
the net if you don't want it.
IMO this is the task of the user/admin, not the distro.
> On the other hand, at this stage, it's very difficult for Debian as a
> distribution to choose what firewall scripting framework should be used.
> (But I don't think this is worth the effort.)
ACK
I think this kind of preseeded firewall would be the first thing
experienced users would kick away as it most probably would be
annoying for them.
Ciao
Max
--
Follow the white penguin.
Reply to: