Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default




Hi Roberto,

On Friday 21 September 2018 08:51 AM, Roberto C. Sánchez wrote:
On Fri, Sep 21, 2018 at 08:34:50AM +0530, Subhadip Ghosh wrote:
Hi,

I am using Debian and the recently I learned that a standard Debian
installation allows all 3 types of traffics especially incoming by default.
What do you mean by "all 3 types of traffics"?
Incoming, Outgoing and Forward
I know I can easily use iptables to tighten the rules but I wanted to know
the reasons behind the choice of this default behaviour and if it makes the
system more vulnerable?
The behavior you observe is likely because that is the best default that is
universally applicable.
But does it make the system more vulnerable in any way to attacks over the network? And how will a new Debian user would know of this behaviour? I don't even see it mentioned on the Stretch Installation manual anywhere.

I tried searching on the Internet but did not get
any satisfactory explanation. It will be helpful if anybody knows the
answers to my questions or can redirect me to a helpful document.

Where did you search or what terms did you use?
Search engines (Google and Duckduckgo). Search terms were similar to the email subject line. I also read the wiki on Debian Firewall where it says about the choice of defaults but not the reasons.

Thanks,
Subhadip