Re: Why not have firewall rules by default?

> If this is needed/wanted to Debian, no problems, but remember obscure
> isn't security.
> With fwbuilder, lokkit (Gnome), kmyfirewall (kde) etc is very easy
> made and maintain firewall/s at Linux and all of these are regular
> Debian packages. That is true at there should be more information
> about firewall possibilities example at
> http://www.debian.org/doc/manuals/securing-debian-howto/
>

I guess my point is if the 'iptables' package is installed by default on Debian, then better integration with Debian would probably be a good idea.

Why is iptables installed by default and why is there no debian way to load/save/unload the iptables rules without making your own init script? Why was the init script removed from Debian (security? no maintainer?)

> I like Debian because it don't tried install for me selinux, firewalls
> and all bells and whistles. This isn't sometimes remember at some
> distributions :) I can choose myself which is suitable for me.
I agree; not having all the bells and whistles is good, but having choice is good too. No one (I hope) is complaining that after install ssh/apache a file is put in /etc/init.d and /etc/rc2.d. Or that services are starting by default when you install them.

The fact that a debian machine connected to the internet is vulnerable to attacks that have build-in protection on Linux/iptables is strange to me. It would be nice to be able to enable these settings so they stay after a reset via apt or the install.

-Will

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org