Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default




Hi Roberto,
Blocking incoming and forwarded traffic would probably not be surprising
to many people.  However, blocking outgoint traffic would be exceedingly
confusing to many people.
Yep. Totally agreed.
https://www.debian.org/doc/manuals/debian-handbook/security.en.html
Thanks.
While there is possibly an argument that not configuring a firewall by
default introduces some vulnerability, it is equally valid to argue that
there are no sensible default firewall policies that can be put into
place without a defined threat model.

I suspect that the vast majority of people deploying systems are doing
so behind some sort of device that provides border security to the local
network (e.g., router/firewall/NAT/etc.).  So, if the default threat
model is "a relatively trusted network with adequate border security"
then the current default is appropriate.

Those who deploy systems directly to a location where they are in
immediate contact with the public Internet should already understand the
ramifications of that decision and tailor their installation process
accordingly.

I don't disagree.

Thanks,
Subhadip