
Re: Safety while network install.



On Wed 23 Nov 2011 at 13:50:53 +0700, Sthu Deus wrote:

> My pondering/suggestions here:
> 
> 1. You agree that it is a good thing to be firewalled for the being
> installed system - so in case there is no firewall already for it, then
> it would be still good to have one in the install environment.

No firewall is necessary during an install from a netinst iso. There is
nothing listening for a connection. No listeners - no connections. And
unless Debian provides a kernel which falls over at the mere sniff of
a ping there is no problem there either.

> 2. When the system has its first reboot, and since then, it would
> be a good thing to have all net incoming requests for service to be
> blocked by default - for: a) there are now services listening (at least
> Debian likes to install exim, for example, but not limited to), b)
> novice users may have no idea on firewall configuration or linux usage
> at all, and therefore, making such important - I would say - default
> settings just would add more security features to the already secure
> name of Debian.

There is very little need for a firewall on a single machine connected
to the internet at the best of times but a default install has nothing
listening for external connections, so blocking by default doesn't
achieve anything. It's secure to begin with - a firewall doesn't make it
more secure.

Exim does listen, but only for local requests. It will not accept
connections from the internet by default.
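
The distinction drawn in this reply, between a service bound only to loopback (Exim's default here) and one reachable from the network, can be checked from the list of listening sockets. The following is an added example, not part of the original message: it classifies `ss -tln` output, run here over a constructed sample, and the function names are assumptions.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       20      127.0.0.1:25        0.0.0.0:*
LISTEN  0       20      [::1]:25            [::]:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     *:111               *:*
LISTEN  0       5       127.0.0.53%lo:53    0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (address, port, loopback_only) for each LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
        if host == "*":
            loopback = False  # wildcard bind: reachable on every interface
        else:
            loopback = ipaddress.ip_address(host).is_loopback
        listeners.append((host, int(port), loopback))
    return listeners


def exposed_ports(ss_output):
    """Ports with at least one listener not confined to loopback."""
    return sorted({port for _, port, lo in parse_listeners(ss_output) if not lo})


if __name__ == "__main__":
    for host, port, lo in parse_listeners(SAMPLE_SS_OUTPUT):
        scope = "local only" if lo else "reachable from the network"
        print(f"{host}:{port} -> {scope}")
    print("exposed ports:", exposed_ports(SAMPLE_SS_OUTPUT))
```

An empty result from `exposed_ports` on a host's real `ss -tln` output corresponds to the "no listeners" situation the reply describes.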

