Hosting Provided By

Re: Why not have firewall rules by default?

From: Florian Weimer <fw(at)deneb.enyo.de>
Date: Wed Jan 23 2008 - 17:22:41 EST

Ondrej Zajicek:

>> You could also have an 'ENABLED' variable like some files in
>> /etc/default have (so that ports wouldn't be opened by default; the
>> user would have to manually enable them for the port to be opened).
>
> Better way is just not start that daemon.

The daemon might have been installed by a package dependency, more or less by accident. Debian should have a policy that all daemons bind to the loopback interface by default, but as long as this is not the case, I can understand why people put paket filters on hosts as a safety net.

On the other hand, at this stage, it's very difficult for Debian as a distribution to choose what firewall scripting framework should be used. (But I don't think this is worth the effort.)

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Wed Jan 23 17:23:22 2008

This message: [ Message body ]
Next message: James Shupe: "Re: Why not have firewall rules by default?"
Previous message: Riku Valli: "Re: Why not have firewall rules by default?"
In reply to: Ondrej Zajicek: "Re: Why not have firewall rules by default?"
Next in thread: James Shupe: "Re: Why not have firewall rules by default?"
Reply: James Shupe: "Re: Why not have firewall rules by default?"
Reply: Maximilian Wilhelm: "Re: Why not have firewall rules by default?"
Reply: Russ Allbery: "Re: Why not have firewall rules by default?"
Reply: Javier Fernández-Sanguino Peña: "Re: Why not have firewall rules by default?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:25 EDT