"John H. Robinson, IV" <[EMAIL PROTECTED]> writes:

> Debian (using a linux, bsd, or gnumach/l4 (micro)kernel) should be
> ``Secure by default.'' if this means that no firewalling -> no debian
> release, then so be it.

Strictly speaking FW-ing increases security somewhat only if you are running vulnerable services on the machine(s) behind the firewall. So ok, it may be a good thing to have given that it's hard to know for sure that a particular service is not vulnerable.

But a different, safer and more robust way to be "secure by default" is to simply not enable the network services in the first place. For instance, I'm a little annoyed that the X-server I'm running is listening for connections on all interfaces. Perhaps I can work around that by figuring out how linux fw-ing works this month, but I'd much prefer if my X-server listened *only* on its AF_LOCAL socket, (and perhaps also on the localhost AF_INET interface (with forwarding disabled), if that's absolutely necessary to get X libraries and clients to work). There's no way I want to allow X connections from other machines, so the X server *should not* ask for that. Firewalling the X server is a kludge, nothing more.

I see little use for firewalling, except to help isolate broken or unmaintained machines from the outside world. And in this case, the FW is usually a separate box.

Regards,
/Niels
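
An added example, not part of the original message: a short audit that reads text in Linux /proc/net/tcp layout and reports which listening TCP sockets are bound to all interfaces and which only to loopback, the distinction the message draws for the X server. The sample rows are constructed (TCP port 6000 stands in for an X display), a little-endian host is assumed, and AF_LOCAL sockets do not appear in this file at all.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host assumed);
# not captured from a real machine.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 100 0 0 10 0
   2: 0A00A8C0:0016 0B00A8C0:C001 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the 32-bit address in host byte order, so on a
    # little-endian machine the bytes appear reversed.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(proc_net_tcp):
    """Return [(ip, port, exposure)] for every listening IPv4 TCP socket."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established connections and short lines are ignored
        ip, port = decode_addr(cols[1])
        if ip.is_unspecified:
            exposure = "all-interfaces"    # reachable from other machines
        elif ip.is_loopback:
            exposure = "loopback-only"     # local clients only
        else:
            exposure = "single-interface"
        found.append((str(ip), port, exposure))
    return found


if __name__ == "__main__":
    for ip, port, exposure in listeners(SAMPLE):
        print(f"{ip}:{port:<5} {exposure}")
```

On a live Linux host the same function can be given the contents of /proc/net/tcp; IPv6 listeners are in /proc/net/tcp6, which this example does not parse.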