Re: Why does Debian allow all incoming traffic by default

To: Pascal Hambourg <pascal@plouf.fr.eu.org>
Cc: debian-user@lists.debian.org
Subject: Re: Why does Debian allow all incoming traffic by default
From: Dan Ritter <dsr@randomstring.org>
Date: Sat, 22 Sep 2018 14:27:44 -0400
Message-id: <[🔎] 20180922182744.jcsqfai25o3ss6am@randomstring.org>
In-reply-to: <[🔎] 4eff4c8c-d758-b3cd-2851-7057d2d29f4b@plouf.fr.eu.org>
References: <[🔎] da96e6a3-ac34-8d4f-7784-4776e95aee5f@gmail.com> <[🔎] 20180921170935.uidjpny7beevmb6m@randomstring.org> <[🔎] 6239a3ad-7e04-f30c-10cc-3d8fcc52ece6@plouf.fr.eu.org> <[🔎] 201809220512.38348.gheskett@shentel.net> <[🔎] fd8b829c-067a-9df4-f8d8-6bda05f88bd5@plouf.fr.eu.org> <[🔎] 20180922113100.yiyzolglj6gwi6uc@randomstring.org> <[🔎] 4eff4c8c-d758-b3cd-2851-7057d2d29f4b@plouf.fr.eu.org>

On Sat, Sep 22, 2018 at 04:52:40PM +0200, Pascal Hambourg wrote:
> Le 22/09/2018 à 13:31, Dan Ritter a écrit :
> > On Sat, Sep 22, 2018 at 12:55:24PM +0200, Pascal Hambourg wrote:
> > > I do not see how all this replies to my question :
> 
> This comment was intended to Gene Heskett.
> 
> > > Why should only TCP inbound responses be allowed ? What about UDP-based
> > > protocols, ping replies (ICMP echo reply), ICMP error messages, and so on ?
> > 
> > Given that my entire point was that no firewall policy other
> > than "configure it yourself" will work, it's really you missing
> > the point to expect me to describe a complete firewall policy tuned
> > to your desires.
> 
> It does not matter what you entire point was, and I do not expect you to
> describe a complete firewall policy. *You* exposed a supposedly default
> firewall policy which I happened to find questionable, so I questioned it.

You should certainly find it questionable, 
 
> You would not have exposed a broken firewall policy on purpose in order to
> prove your point, would you ?

Wouldn't I?

I am explicitly describing a firewire policy for the sake of
argument, and in no way advocating it. In fact, the ENTIRE
FREAKING POINT WHICH I HAVE MADE TWICE NOW is that I am *not* 
advocating it.

Do not use this firewall policy. If Debian were to do the stupid
thing of instituting a default firewall policy other than what
it doesn't do now, I would hope for a several month long debate
in debian-developers about what it should be.

-dsr-

Reply to:

Follow-Ups:
- Re: Why does Debian allow all incoming traffic by default
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

References:
- Why does Debian allow all incoming traffic by default
  - From: Subhadip Ghosh <subhadip.sky@gmail.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

Prev by Date: Re: ACPI BIOS ERROR
Next by Date: Re: netstat
Previous by thread: Re: Why does Debian allow all incoming traffic by default
Next by thread: Re: Why does Debian allow all incoming traffic by default
Index(es):
- Date
- Thread