Re: Why does Debian allow all incoming traffic by default

[Reco <recoverym4n@gmail.com>]

	Hi.

On Fri, Sep 21, 2018 at 08:55:21AM -0400, Henning Follmann wrote:
> On Fri, Sep 21, 2018 at 08:34:50AM +0530, Subhadip Ghosh wrote:
> > Hi,
> > 
> > I am using Debian and the recently I learned that a standard Debian
> > installation allows all 3 types of traffics especially incoming by default.
> > I know I can easily use iptables to tighten the rules but I wanted to know
> > the reasons behind the choice of this default behaviour and if it makes the
> > system more vulnerable? I tried searching on the Internet but did not get
> > any satisfactory explanation. It will be helpful if anybody knows the
> > answers to my questions or can redirect me to a helpful document.
> > 
> 
> The answer is easy. Because Debian is awesome (TM). So are most other
> distributions.

Hear, hear.

> Run a netstat -t -l and you will see there is nothing listening. So what is
> the point of running a firewall?

The point is to be a good netizen, as always. By running any sane kind of
packet filter you're avoiding participating in TCP RST attack.

> By default no services (ipp might be the one exception) are running and
> listening.

Portmapper does - tcp 111.

Reco