Re: Why does Debian allow all incoming traffic by default
- Date: Fri, 21 Sep 2018 23:03:29 +0530
- From: Subhadip Ghosh <subhadip.sky@xxxxxxxxx>
- Subject: Re: Why does Debian allow all incoming traffic by default
Blocking incoming and forwarded traffic would probably not be surprising
to many people. However, blocking outgoint traffic would be exceedingly
confusing to many people.
Yep. Totally agreed.
While there is possibly an argument that not configuring a firewall by
default introduces some vulnerability, it is equally valid to argue that
there are no sensible default firewall policies that can be put into
place without a defined threat model.
I suspect that the vast majority of people deploying systems are doing
so behind some sort of device that provides border security to the local
network (e.g., router/firewall/NAT/etc.). So, if the default threat
model is "a relatively trusted network with adequate border security"
then the current default is appropriate.
Those who deploy systems directly to a location where they are in
immediate contact with the public Internet should already understand the
ramifications of that decision and tailor their installation process
I don't disagree.