Web lists-archives.com

Re: Why does Debian allow all incoming traffic by default




On Sun 23 Sep 2018 at 21:59:38 +0100, Joe wrote:

> On Sun, 23 Sep 2018 18:58:07 +0100
> Brian <ad44@xxxxxxxxxxxxxxx> wrote:
> 
> > On Sun 23 Sep 2018 at 00:05:58 +0100, mick crane wrote:
> > 
> > > On 2018-09-21 18:29, Subhadip Ghosh wrote:
> > >  Debian is a Universal OS.  
> > > > 
> > > > I wouldn't say whatever you said, doesn't make sense. I wish there
> > > > were an easier way to know about it when I started using the OS,
> > > > something to warn me that I need to configure the firewall to
> > > > suit my needs. Maybe because I came from a different OS where the
> > > > defaults were stricter, my expectations about the defaults were
> > > > different. 
> > > 
> > > fell foul of this years ago. installed OS, naively went on IRC
> > > while looking about at what was installed.
> > > "oh, I seem to have ports open"
> > > 20 seconds later somebody took over my account"  
> > 
> > Tough.
> > 
> > > Rapidly pulls cable and reinstalls.  
> > 
> > And never used IRC again. :)
> > 
> > > Some sort of a warning during installation.
> > > "there is no firewall running, You should probably set up some
> > > rules"
> > > 
> > > would be helpful.  
> > 
> > The ordinary user's eyes would glaze over. The installation process is
> > ok as it is.
> > 
> 
> There are firewall applications which can produce fairly sensible
> defaults painlessly, towards which a hint might be made. If you need
> more control, learn iptables early, you will eventually anyway.

Such applications exist. They have never been part of a default
installation of Debian or ever mentioned. Deduce from that what
you will.

iptables is available. I've never needed to use it. The vast
majority of users won't need it either.

-- 
Brian.