Re: Why not have firewall rules by default?

To: debian-security@lists.debian.org
Subject: Re: Why not have firewall rules by default?
From: Russ Allbery <rra@debian.org>
Date: Wed, 23 Jan 2008 15:35:58 -0800
Message-id: <[🔎] 87ve5kyv1d.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 87ir1krxla.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Wed\, 23 Jan 2008 23\:22\:41 +0100")
References: <[🔎] 47975AE5.80801@gmail.com> <[🔎] 20080123180815.GA20876@localhost.localdomain> <[🔎] 87ir1krxla.fsf@mid.deneb.enyo.de>

Florian Weimer <fw@deneb.enyo.de> writes:

> The daemon might have been installed by a package dependency, more or
> less by accident.  Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can understand why people put paket filters on hosts as a safety net.

This would be a rather silly policy to have for, say, a Kerberos KDC or an
LDAP server.  The normal installation for such packages is on servers, and
defaulting to not providing the service just makes the administrator jump
through unnecessary hoops and isn't consistent with the idea that
installation should result in a working package.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Why not have firewall rules by default?
  - From: William Twomey <william.twomey@gmail.com>
- Re: Why not have firewall rules by default?
  - From: Ondrej Zajicek <santiago@crfreenet.org>
- Re: Why not have firewall rules by default?
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: Why not have firewall rules by default?
Next by Date: Re: Why not have firewall rules by default?
Previous by thread: Re: Why not have firewall rules by default?
Next by thread: Re: Why not have firewall rules by default?
Index(es):
- Date
- Thread