Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default




On Fri 21 Sep 2018 at 19:25:22 +0300, Reco wrote:

> 	Hi.
> 
> On Fri, Sep 21, 2018 at 08:55:21AM -0400, Henning Follmann wrote:
> > On Fri, Sep 21, 2018 at 08:34:50AM +0530, Subhadip Ghosh wrote:
> > > Hi,
> > > 
> > > I am using Debian and the recently I learned that a standard Debian
> > > installation allows all 3 types of traffics especially incoming by default.
> > > I know I can easily use iptables to tighten the rules but I wanted to know
> > > the reasons behind the choice of this default behaviour and if it makes the
> > > system more vulnerable? I tried searching on the Internet but did not get
> > > any satisfactory explanation. It will be helpful if anybody knows the
> > > answers to my questions or can redirect me to a helpful document.
> > > 
> > 
> > The answer is easy. Because Debian is awesome (TM). So are most other
> > distributions.
> 
> Hear, hear.
> 
> > Run a netstat -t -l and you will see there is nothing listening. So what is
> > the point of running a firewall?
> 
> The point is to be a good netizen, as always. By running any sane kind of
> packet filter you're avoiding participating in TCP RST attack.

How do you do attack when (as Henning Follmann says) nothing is listening?
There is no point with a standard Debian installation (which is what the
OP inquired about). Debian is already a good netizen.

-- 
Brian.