[linux-elitists] Integrating the firewall and the package manager?
Sat Apr 30 11:22:58 PDT 2005
Mark van Walraven wrote:
>On Tue, Apr 12, 2005 at 11:28:06AM -0700, Don Marti wrote:
>>Basically, the system boots up with all tables default
>>DROP. Then, when any daemon starts, its init script
>>is responsible for setting up any rules necessary
>>for it to do its job. If you start a local-only
>I will raise a dissenting hand - I like having firewall rules hand-
>configured, so that when I (or any green "sysadmin" I have to pick up the
>pieces after) installs xdilbert and dependencies pull in foo-server,
>I'm not exposing/allowing more services than I think I am to the world.
But the user's already selected what rules they want by specifically
electing the service starts by default in that runlevel.

If packages are starting network services (that listen on more than
localhost) by default, that's a bug in that package and should be fixed
in the package.
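
The reply above treats a package that starts a service listening on more than localhost by default as a bug. The following is an added example, not from the thread or either poster, for checking a host against that criterion: it filters `ss -H -ltn` output (iproute2 assumed) for TCP listeners not bound to a loopback address. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from beyond the loopback interface.
# Input: lines in the format printed by `ss -H -ltn`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port ...).

non_local_listeners() {
    awk '
    $1 == "LISTEN" {
        local_ep = $4
        # Port is everything after the last colon; the rest is the address.
        port = local_ep; sub(/^.*:/, "", port)
        addr = local_ep; sub(/:[^:]*$/, "", addr)
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)  # [::1] becomes ::1
        sub(/%.*$/, "", addr)                       # drop %iface scope suffix
        sub(/^::ffff:/, "", addr)                   # IPv4-mapped IPv6 to plain IPv4
        # Loopback-only sockets are what the reply considers acceptable defaults.
        if (addr ~ /^127\./ || addr == "::1") next
        print addr, port
    }'
}

# Constructed sample input, not captured from a real host.
SAMPLE='LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:8080 *:*'

audit_sample() { printf '%s\n' "$SAMPLE" | non_local_listeners; }

audit_sample
# On a live system: ss -H -ltn | non_local_listeners
```

Running it before and after installing a package shows which wildcard listeners the package's dependencies added.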