Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default




Pascal Hambourg wrote:
> Le 21/09/2018 à 19:09, Dan Ritter a écrit :
>> 
>> Let's suppose Debian installs a basic firewall by default. How
>> basic? Let's say:
>> 
>>      - outbound: permit
>>      - forward: deny
>>      - inbound: accept NTP, DHCP, DNS, and any TCP packet which is a
>>        response to an outbound packet
>
> Why should unsolicited NTP, DHCP and DNS inbound packets be allowed ?

In my case, the box is running as a server for those protocols.  Though,
Gene (or others) may do things differently.  NOTE -I only listen for
unsolicited requests on the LAN for those.

Only stuff on the internet is SSH and SMTP.
>
> Why should only TCP inbound responses be allowed ? What about UDP-based 
> protocols, ping replies (ICMP echo reply), ICMP error messages, and so on ?

DNS is UDP (er, by default; though it can use TCP).  ICMP echo would
most likely fall under the "response to something outbound".


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281