[linux-elitists] Integrating the firewall and the package manager?
Mark van Walraven
Wed Apr 13 01:34:49 PDT 2005
On Tue, Apr 12, 2005 at 11:28:06AM -0700, Don Marti wrote:
> Basically, the system boots up with all tables default
> DROP. Then, when any daemon starts, its init script
> is responsible for setting up any rules necessary
> for it to do its job. If you start a local-only
I will raise a dissenting hand - I like having firewall rules hand-
configured, so that when I (or any green "sysadmin" I have to pick up the
pieces after) installs xdilbert and dependencies pull in foo-server,
I'm not exposing/allowing more services than I think I am to the world.
Defense in depth, Hamming distance to vulnerability, rah, rah. A
handwave, obviously, but please think of the number of systems that have
apache or wu-ftpd installed unnecessarily.
Disclaimer: I am one of the very few people in the world that thinks
that /etc/init.d/iptables is a good idea ...
 Made up.
 The one that slipped in with ./configure --do-it-to-me-baby, fixed
in the source upload but still waiting for the buildds to catch up.