Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default


On Fri, Sep 21, 2018 at 11:18:36PM +0200, deloptes wrote:
> Reco wrote:
> > So, in this regard Debian is imperfect, but at least they give you right
> > tools to solve the problem (iptables suite), and do not force braindead
> > firewall policies by default (like RHEL does).
> So this is why a wise guy buys an industrial pc for 200 US or wrt capable
> router for 20-30 US installs linux and makes a good firewall then puts it
> between ISP and his own network.

That's one way of solving it as such measure only covers one's
conventional household needs. Barely - as there's this guest Wi-Fi and
that curious neighbour kid.

There are laptops that are expected to connect for foreign LANs. And
foreign LANs can be expected to contain all kinds of hostilities.

There are hosting providers that provide you hardware, some OS
installation customized to their (unusual if not perversive) tastes and
all the Internet inbound access.

So, as I wrote - they give everyone the right tools, so anyone has it.
Using them is simple enough (some assembly required though), but as
others wrote in this thread - there are no sane defaults.