|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Why not have firewall rules by default?
Date: Wed Jan 23 2008 - 17:36:04 EST
Am Wednesday, den 23 January hub Florian Weimer folgendes in die Tasten:
> * Ondrej Zajicek:
> >> You could also have an 'ENABLED' variable like some files in
> >> /etc/default have (so that ports wouldn't be opened by default; the
> >> user would have to manually enable them for the port to be opened).
> > Better way is just not start that daemon.
> The daemon might have been installed by a package dependency, more or
> less by accident. Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can understand why people put paket filters on hosts as a safety net.
This might be a good idea, but on the other hand if you install packages
you should have a look what is installed and deactivate it or cut it of
the net if you don't want it.
IMO this is the task of the user/admin, not the distro.
> On the other hand, at this stage, it's very difficult for Debian as a
> distribution to choose what firewall scripting framework should be used.
> (But I don't think this is worth the effort.)
ACK
I think this kind of preseeded firewall would be the first thing
experienced users would kick away as it most probably would be
annoying for them.
Ciao
Max
-- Follow the white penguin. -- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.orgReceived on Wed Jan 23 18:21:20 2008
This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:27 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |