Hi, >>> - Debian should ship a default set of firewall rules. Are we the only >>> distro which doesn't do this? I mean a basic ruleset which drops >>> incoming, accepts outgoing and accepts related,establised is so easy to >>> do... and it would help for all those cases where services are started >>> but not yet finally configured/secured by the admin. >> >> Are all of our users admins that grasp firewalls? > > Most likely not, and therefore I agree that with the current state of > affairs, enabling a firewall on Debian by default is probably a bad idea.
One could also interpret this the other way - since many people don't know how to manually configure a firewall, there should be something there per default that protects them. > However, it should be possible to create a tool which helps novice users > in managing their firewall, and such a tool could be installed by > default on at least a Desktop installation. If we go down that route, > and if said tool is easy enough to use and understand for the most > novice of users, I would absolutely agree that enabling a firewall with > this tool on default installations is desirable. There's firewalld that integrates into NetworkManager - at last for Desktops using the latter (KDE, Gnome, Xfce, probably more) that may be a sensible choice. I didn't have a closer look at it yet, though. Kind regards Ralf -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54561762.1060...@ralfj.de
