Re: Why does Debian allow all incoming traffic by default
- Date: Fri, 21 Sep 2018 19:14:03 +0100
- From: Brian <ad44@xxxxxxxxxxxxxxx>
- Subject: Re: Why does Debian allow all incoming traffic by default
On Fri 21 Sep 2018 at 19:25:22 +0300, Reco wrote:
> On Fri, Sep 21, 2018 at 08:55:21AM -0400, Henning Follmann wrote:
> > On Fri, Sep 21, 2018 at 08:34:50AM +0530, Subhadip Ghosh wrote:
> > > Hi,
> > >
> > > I am using Debian and the recently I learned that a standard Debian
> > > installation allows all 3 types of traffics especially incoming by default.
> > > I know I can easily use iptables to tighten the rules but I wanted to know
> > > the reasons behind the choice of this default behaviour and if it makes the
> > > system more vulnerable? I tried searching on the Internet but did not get
> > > any satisfactory explanation. It will be helpful if anybody knows the
> > > answers to my questions or can redirect me to a helpful document.
> > >
> > The answer is easy. Because Debian is awesome (TM). So are most other
> > distributions.
> Hear, hear.
> > Run a netstat -t -l and you will see there is nothing listening. So what is
> > the point of running a firewall?
> The point is to be a good netizen, as always. By running any sane kind of
> packet filter you're avoiding participating in TCP RST attack.
How do you do attack when (as Henning Follmann says) nothing is listening?
There is no point with a standard Debian installation (which is what the
OP inquired about). Debian is already a good netizen.