Re: services installed and running "out of the box"
I haven't done more then look at the screen shots for it, but the
"personal firewall" (eg: iptables frontend) that comes with RH9 looks to
be default deny for most incoming traffic while providing a nice (read:
graphical and straightforward) way to punch essential holes through it
as needed. (and only as needed)
Don't get me wrong, I like powerful CLI interfaces to my firewall as
much as the next fellow, but it is fairly easy to make a mistake that
can leave you vulnerable. For the common cases, I think it makes a lot
of sense to provide a dead simple way to configure it.
I recall seeing a firewall.sh script in init.d, but it was plastered
with warnings not to actually use it, so I didn't ;) Anyone know if more
work has been done in this area?
On Wed, 2003-09-24 at 18:01, Michael Stone wrote:
> On Wed, Sep 24, 2003 at 08:16:41PM -0400, Noah L. Meyerhans wrote:
> >Basically, I think that "security levels" don't gain you anything over
> >"don't install the package".
>
> Until installing a package has the side effect of installing a network
> service. Having a default-deny-incoming firewall or some such would go a
> long way toward preventing accidental vulnerability exposure.
>
> Mike Stone
>
Reply to: