Re: Why does Debian allow all incoming traffic by default

On Sat, Sep 22, 2018 at 04:52:40PM +0200, Pascal Hambourg wrote:
> On 22/09/2018 at 13:31, Dan Ritter wrote:
> > On Sat, Sep 22, 2018 at 12:55:24PM +0200, Pascal Hambourg wrote:
> > > I do not see how all this replies to my question :
> This comment was intended for Gene Heskett.
> > > Why should only TCP inbound responses be allowed ? What about UDP-based
> > > protocols, ping replies (ICMP echo reply), ICMP error messages, and so on ?
> > 
> > Given that my entire point was that no firewall policy other
> > than "configure it yourself" will work, it's really you missing
> > the point to expect me to describe a complete firewall policy tuned
> > to your desires.
> It does not matter what your entire point was, and I do not expect you to
> describe a complete firewall policy. *You* exposed a supposedly default
> firewall policy which I happened to find questionable, so I questioned it.

You should certainly find it questionable, 
> You would not have exposed a broken firewall policy on purpose in order to
> prove your point, would you ?

Wouldn't I?

I am explicitly describing a firewall policy for the sake of
argument, and in no way advocating it. In fact, the ENTIRE
advocating it.

Do not use this firewall policy. If Debian were to do the stupid
thing of instituting a default firewall policy other than what
it doesn't do now, I would hope for a several month long debate
in debian-developers about what it should be.