[linux-elitists] Integrating the firewall and the package manager?

Mike MacCana mmaccana@redhat.com
Sat Apr 30 11:22:58 PDT 2005


Mark van Walraven wrote:

>On Tue, Apr 12, 2005 at 11:28:06AM -0700, Don Marti wrote:
>
>>Basically, the system boots up with all tables default
>>DROP.  Then, when any daemon starts, its init script
>>is responsible for setting up any rules necessary
>>for it to do its job.  If you start a local-only
>
>I will raise a dissenting hand - I like having firewall rules hand-
>configured, so that when I (or any green "sysadmin" I have to pick up the
>pieces after) installs xdilbert[1] and dependencies pull in foo-server[2],
>I'm not exposing/allowing more services than I think I am to the world.
>
But the user's already selected what rules they want by specifically 
electing the service starts by default in that runlevel.

If packages are starting network services (that listen on more than 
localhost) by default, that's a bug in that package and should be fixed 
in the package.

Mike
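
An added example, not part of the original message: one way to audit a host for the condition described above, services listening on more than localhost. It assumes input in the column layout of `ss -H -tuln` from iproute2; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening sockets bound to more than loopback.
# Input: lines in the column layout of `ss -H -tuln` (iproute2):
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

exposed_listeners() {
    awk '
    {
        local_ep = $5
        port = local_ep; sub(/^.*:/, "", port)      # text after the last colon
        addr = local_ep; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)  # [::1] -> ::1
        sub(/%.*$/, "", addr)                       # 127.0.0.53%lo -> 127.0.0.53
        sub(/^::ffff:/, "", addr)                   # IPv4-mapped IPv6 -> IPv4
        if (addr ~ /^127\./ || addr == "::1") next  # loopback only: not exposed
        print $1, addr, port                        # netid, bind address, port
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
tcp LISTEN 0 4096 [::]:111 [::]:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 *:5353 *:*
EOF
}

# On a live host: ss -H -tuln | exposed_listeners
sample_ss_output | exposed_listeners
```

Run after installing a package, any new line in the output is a service reachable from beyond the local machine.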


