Re: Why does Debian allow all incoming traffic by default

On 22/09/2018 at 20:27, Dan Ritter wrote:
On Sat, Sep 22, 2018 at 04:52:40PM +0200, Pascal Hambourg wrote:

It does not matter what your entire point was, and I do not expect you to
describe a complete firewall policy. *You* exposed a supposedly default
firewall policy which I happened to find questionable, so I questioned it.

You should certainly find it questionable,

Thanks for acknowledging it.

You would not have exposed a broken firewall policy on purpose in order to
prove your point, would you?

Wouldn't I?

I hope not.

I am explicitly describing a firewall policy for the sake of
argument, and in no way advocating it.

For the sake of argument, you should have described a sensible firewall policy or no one would have taken your point seriously. The policy you described was not sensible. Here is a common one which allows outbound "connections":

- accept outbound packets and related inbound replies
- deny other inbound packets
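
Added example, not part of the original message or thread: one way to express the two-rule policy above as an nftables ruleset for a single host. The table and chain names, the choice of nftables, and the loopback and ICMPv6 neighbour-discovery exceptions are assumptions added here; the two rules from the message are marked in the comments.

```nftables
#!/usr/sbin/nft -f
# Stateful host policy: outbound allowed, inbound limited to replies.
# Assumption: single host, no forwarding, no listening services to expose.

flush ruleset

table inet filter {
    chain input {
        # "deny other inbound packets": anything not accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # "related inbound replies": packets conntrack ties to a flow
        # this host initiated (or to an ICMP error about such a flow).
        ct state established,related accept

        # Packets conntrack cannot classify are dropped explicitly.
        ct state invalid drop

        # Addition beyond the two rules: local processes talk over loopback.
        iif "lo" accept

        # Addition beyond the two rules: IPv6 neighbour discovery is not
        # tracked by conntrack, so without this rule IPv6 connectivity
        # breaks even for outbound connections.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        # Not a router: nothing is forwarded.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # "accept outbound packets"
        type filter hook output priority 0; policy accept;
    }
}
```

Loading it with `nft -c -f <file>` checks the syntax without applying the rules; `nft list ruleset` shows what is active afterwards.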