
Re: Why does Debian allow all incoming traffic by default




On 22/09/2018 at 15:39, Dan Purgert wrote:
> Pascal Hambourg wrote:
>> On 21/09/2018 at 19:09, Dan Ritter wrote:
>>>
>>> Let's suppose Debian installs a basic firewall by default. How
>>> basic? Let's say:
>>>
>>>       - outbound: permit
>>>       - forward: deny
>>>       - inbound: accept NTP, DHCP, DNS, and any TCP packet which is a
>>>         response to an outbound packet
>>
>> Why should unsolicited NTP, DHCP and DNS inbound packets be allowed?
>
> In my case, the box is running as a server for those protocols.

These services are not present *by default*. Dan Ritter talked about a basic firewall *by default*.

>> Why should only TCP inbound responses be allowed? What about UDP-based
>> protocols, ping replies (ICMP echo reply), ICMP error messages, and so on?
>
> DNS is UDP (er, by default; though it can use TCP).  ICMP echo would
> most likely fall under the "response to something outbound".

Dan Ritter did not mention "response to something outbound" but
"any *TCP* packet which is a response to an outbound packet".
ICMP echo is not TCP. I was questioning that TCP restriction.
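
Added example, not part of the original thread or of any Debian default: an nftables ruleset sketching the policy under discussion, with the TCP-only reply rule (commented out) beside a protocol-agnostic connection-tracking rule that also admits UDP replies, ICMP echo replies and ICMP errors. The table name `default_fw` and the decision to open no inbound service ports are assumptions made for the illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset; table name "default_fw" is hypothetical.

table inet default_fw {
    chain input {
        type filter hook input priority 0; policy drop;

        # Local traffic between processes on the same host.
        iif "lo" accept

        # Packets conntrack cannot associate with any known flow.
        ct state invalid drop

        # TCP-only variant, as literally worded in the proposal.
        # With only this rule, DNS answers over UDP, ICMP echo replies
        # and ICMP errors caused by outbound traffic hit the drop policy.
        # meta l4proto tcp ct state established accept

        # Protocol-agnostic variant:
        #   established = replies to flows this host initiated
        #                 (TCP, UDP, ICMP echo reply)
        #   related     = ICMP errors tied to an existing flow
        #                 (destination unreachable, fragmentation needed,
        #                  time exceeded)
        ct state established,related accept

        # IPv6 neighbour discovery is not a reply to anything outbound
        # and must be accepted explicitly or IPv6 connectivity stops.
        icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

        # No NTP, DHCP or DNS server ports are opened: a default install
        # runs none of those services, so unsolicited packets to them
        # fall through to the drop policy.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

The syntax can be checked without loading it by running `nft -c -f` on the file as root.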