Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default




On Sat, Sep 22, 2018 at 04:52:40PM +0200, Pascal Hambourg wrote:
> Le 22/09/2018 à 13:31, Dan Ritter a écrit :
> > On Sat, Sep 22, 2018 at 12:55:24PM +0200, Pascal Hambourg wrote:
> > > I do not see how all this replies to my question :
> 
> This comment was intended to Gene Heskett.
> 
> > > Why should only TCP inbound responses be allowed ? What about UDP-based
> > > protocols, ping replies (ICMP echo reply), ICMP error messages, and so on ?
> > 
> > Given that my entire point was that no firewall policy other
> > than "configure it yourself" will work, it's really you missing
> > the point to expect me to describe a complete firewall policy tuned
> > to your desires.
> 
> It does not matter what you entire point was, and I do not expect you to
> describe a complete firewall policy. *You* exposed a supposedly default
> firewall policy which I happened to find questionable, so I questioned it.

You should certainly find it questionable, 
 
> You would not have exposed a broken firewall policy on purpose in order to
> prove your point, would you ?

Wouldn't I?

I am explicitly describing a firewire policy for the sake of
argument, and in no way advocating it. In fact, the ENTIRE
FREAKING POINT WHICH I HAVE MADE TWICE NOW is that I am *not* 
advocating it.

Do not use this firewall policy. If Debian were to do the stupid
thing of instituting a default firewall policy other than what
it doesn't do now, I would hope for a several month long debate
in debian-developers about what it should be.

-dsr-