On Wed 23 Nov 2011 at 13:50:53 +0700, Sthu Deus wrote: > My pondering/suggestions here: > > 1. You agree that it is a good thing to be firewalled for the being > installed system - so in case there is no firewall already for it, then > it would be still good to have one in the install environment.
No firewall is necessary during an install from a netinst iso. There is nothing listening for a connection. No listeners - no connections. And unless Debian provides a kernel which falls over at the mere sniff of a ping there is no problem there either. > 2. When the the system has its first reboot, and since then, it would > be a good thing to have a all net incoming requests for service to be > blocked by default - for: a) there are now services listening (at least > Debian likes to install exim, for example, but not limited to), b) > novice users may have no idea on firewall configuration or linux usage > at all, and therefore, making such important - I would say - default > settings just would add more security features to the already secure > name of Debian. There is very little need for a firewall on a single machine connected to the internet at the best of times but a default install has nothing listening for external connections, so blocking by default doesn't achieve anything. It's secure to begin with - a firewall doesn't make it more secure. Exim does listen, but only for local requests. It will not accept connections from the internet by default. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111123111601.GA2873@desktop
