
Why not have firewall rules by default?

From: William Twomey <william.twomey(at)gmail.com>
Date: Wed Jan 23 2008 - 10:19:01 EST


It's my understanding (and experience) that a Debian system by default is vulnerable to SYN flooding (at least when running services) and other such mischief. I was curious as to why tcp_syncookies (and similar things) are not enabled by default.

Many distros (RPM-based mostly from my experience) ask you during the install if you'd like to enable firewall protection. I was curious if Debian was ever going to have this as an option?

One solution could be to have a folder called /etc/security/iptables that contains files that get passed to iptables at startup (in the same way /etc/rc2.d gets read in numeric order). So you could have files like 22ssh, 23ftp, etc. with iptables rules in each file. You could also have an 'ENABLED' variable like some files in /etc/default have (so that ports wouldn't be opened by default; the user would have to manually enable them for the port to be opened).

Then they'd just run /etc/init.d/iptables restart and the port would be opened (flush the rules, reapply).

Even a central iptables-save format file that gets passed to iptables at startup would be nice. It's easy enough to do manually, but would be nice to see integrated with debian itself (packages managing their own rules, etc.).

Is Debian ever going to introduce a better way of having iptables rules be run at startup and easily saved/managed, or will this always be a manual process?

Thanks!

-Will
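The directory-based loader the post sketches (numerically ordered files under /etc/security/iptables, an ENABLED opt-in per file, flush-then-reapply on restart, SYN cookies switched on alongside) is shown below as an added example; it is not Debian's tooling and not code from the poster. The directory name, the 22ssh/23ftp file layout, the `ENABLED=yes` opt-in line, and the `RULES_DIR`, `IPTABLES` and `SYSCTL` override variables are assumptions made for the example. Each non-comment line of a rule file is one argument list handed to iptables; setting `IPTABLES=echo SYSCTL=echo` gives a dry run that prints what would be executed instead of touching the kernel.

```shell
#!/bin/sh
# Added example: loader for a hypothetical /etc/security/iptables directory.
# Files are named NNname (22ssh, 23ftp, ...) and applied in lexical order,
# like /etc/rc2.d. A file is applied only if it contains the line
# ENABLED=yes; blank lines and '#' comments are skipped; every other line
# is passed verbatim as iptables arguments.

RULES_DIR="${RULES_DIR:-/etc/security/iptables}"   # assumed location
IPTABLES="${IPTABLES:-iptables}"                    # set to 'echo' for a dry run
SYSCTL="${SYSCTL:-sysctl}"                          # set to 'echo' for a dry run

# is_enabled FILE: succeed only if the file opts in with an exact ENABLED=yes line
is_enabled() {
    grep -qx 'ENABLED=yes' "$1"
}

# flush_rules: wipe the filter table and install a default-deny INPUT baseline
# (loopback and replies to established connections stay allowed)
flush_rules() {
    "$IPTABLES" -F
    "$IPTABLES" -X
    "$IPTABLES" -P INPUT DROP
    "$IPTABLES" -P FORWARD DROP
    "$IPTABLES" -P OUTPUT ACCEPT
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# apply_file FILE: hand each rule line to iptables as its argument list
apply_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*|ENABLED=*) continue ;;
        esac
        # shellcheck disable=SC2086  # word splitting is the point here
        "$IPTABLES" $line
    done < "$1"
}

# load_rules: enable SYN cookies, flush, then apply every enabled file in order
load_rules() {
    "$SYSCTL" -w net.ipv4.tcp_syncookies=1
    flush_rules
    for f in "$RULES_DIR"/*; do
        [ -f "$f" ] || continue
        if is_enabled "$f"; then
            apply_file "$f"
        fi
    done
}

# count_enabled: number of files that would be applied (used by 'status')
count_enabled() {
    n=0
    for f in "$RULES_DIR"/*; do
        [ -f "$f" ] && is_enabled "$f" && n=$((n + 1))
    done
    echo "$n"
}

# init-script style entry point; with no argument the functions are merely defined
case "${1:-}" in
    start|restart) load_rules ;;
    status) echo "$(count_enabled) enabled rule file(s) in $RULES_DIR" ;;
    *) : ;;
esac
```

Because restart always flushes before reapplying, disabling a file (changing its ENABLED line) and restarting closes the port again with no leftover rule; the default-deny INPUT policy in the baseline is what makes "not enabled" mean "not open".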


Received on Wed Jan 23 10:18:59 2008

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:21 EDT

