Re: Why not have firewall rules by default?
If this is needed/wanted to Debian, no problems, but remember obscure
isn't security.
With fwbuilder, lokkit (Gnome), kmyfirewall (kde) etc is very easy
made and maintain firewall/s at Linux and all of these are regular
Debian packages. That is true at there should be more information
about firewall possibilities example at
http://www.debian.org/doc/manuals/securing-debian-howto/
I guess my point is if the 'iptables' package is installed by default on
Debian, then better integration with Debian would probably be a good idea.
Why is iptables installed by default and why is there no debian way to
load/save/unload the iptables rules without making your own init script?
Why was the init script removed from Debian (security? no maintainer?)
I like Debian because it don't tried install for me selinux, firewalls
and all bells and whistles. This isn't sometimes remember at some
distributions :) I can choose myself which is suitable for me.
I agree; not having all the bells and whistles is good, but having
choice is good too. No one (I hope) is complaining that after install
ssh/apache a file is put in /etc/init.d and /etc/rc2.d. Or that services
are starting by default when you install them.
The fact that a debian machine connected to the internet is vulnerable
to attacks that have build-in protection on Linux/iptables is strange to
me. It would be nice to be able to enable these settings so they stay
after a reset via apt or the install.
-Will
Reply to: