On Mon, Sep 29, 2003 at 12:06:43AM -0400, Phillip Hofmeister wrote:
> I would consider implementing an iptables firewall (whether it be
> shorewall or home brewed (if you know what you are doing)) to be a bare
> minimum for best-practices.
>
> Unfortunately (unlike RedHat and Mandrake) Debian offers no firewall as
> part of the default installation.

Wrong. The kernel shipped in Debian does provide firewalling capabilities.
Also, the iptables package is part of the default installation
(Priority: standard).

>
> My advice, have a good generic firewall shell script and use it and
> place it in /etc/rc(S|2).d/ of every system you install.
>

/etc/init.d/iptables is part of the default installation. You might be
right that there is no default GUI to configure it and it does not
implement any policy out of the box (see #212692 or bug #63623). However,
these are (slightly?) mitigated by:

a) For those users that do not want to learn firewalling, they have quite
a number of GUIs to install and configure it, from gnome-firestarter to
kfirewall.

b) For those that want to play with iptables they can just do
'/etc/init.d/iptables save' after making them so that they are used in
their next reboot. Obviously this is targeted towards people that read
(and understand)
http://www.linux-firewall-tools.com/linux/faq/index3-6.html

Regards

Javi