Re: Why does Debian allow all incoming traffic by default

To: debian-user@lists.debian.org
Subject: Re: Why does Debian allow all incoming traffic by default
From: Jonathan Dowland <jmtd@debian.org>
Date: Wed, 26 Sep 2018 18:19:46 +0100
Message-id: <[🔎] 20180926171946.GB2820@chew.redmars.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20180926160733.505ef37f@jresid.jretrading.com>
References: <[🔎] da96e6a3-ac34-8d4f-7784-4776e95aee5f@gmail.com> <[🔎] 20180921170935.uidjpny7beevmb6m@randomstring.org> <[🔎] 6239a3ad-7e04-f30c-10cc-3d8fcc52ece6@plouf.fr.eu.org> <[🔎] 201809220512.38348.gheskett@shentel.net> <[🔎] 20180924185239.GE4020@chew.redmars.org> <[🔎] 20180924202155.6cc7afb7@jresid.jretrading.com> <[🔎] 20180926133941.GB17321@chew.redmars.org> <[🔎] 20180926160733.505ef37f@jresid.jretrading.com>

On Wed, Sep 26, 2018 at 04:07:33PM +0100, Joe wrote:

You're only moving the problem around. Some completely standard piece of
code *somewhere* has to know what is the right place to insert such a
rule. I'll give you an example: neither the beginning nor the end of my
INPUT chain is the right place, because I do some catch-all stuff about
RELATED and INVALID at the beginning of the chain, and some assorted
logging at the end. I don't want anything placed before or after those
parts. In fact, the right place for my server firewall isn't in the
INPUT chain at all, but in one of a few custom chains.


Exactly, it would not be worth attempting to support meshing your setup
with the system I sketched out. This is exactly the situation where I'd
say you go it alone instead, exactly as you do now.


--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.

Reply to:

References:
- Why does Debian allow all incoming traffic by default
  - From: Subhadip Ghosh <subhadip.sky@gmail.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Why does Debian allow all incoming traffic by default
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Joe <joe@jretrading.com>
- Re: Why does Debian allow all incoming traffic by default
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: Why does Debian allow all incoming traffic by default
  - From: Joe <joe@jretrading.com>

Prev by Date: Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
Next by Date: Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
Previous by thread: Re: Why does Debian allow all incoming traffic by default
Next by thread: Re: Why does Debian allow all incoming traffic by default
Index(es):
- Date
- Thread