Subject: Why not have firewall rules by default?
Group: Debian-security
From: William Twomey
Date: 23 Jan 2008

It's my understanding (and experience) that a Debian system by default
is vulnerable to SYN flooding (at least when running services) and other
such mischief. I was curious as to why tcp_syncookies (and similar
things) are not enabled by default.

Many distros (RPM-based mostly from my experience) ask you during the
install if you'd like to enable firewall protection. I was curious if
Debian was ever going to have this as an option?

One solution could be to have a folder called /etc/security/iptables
that contains files that get passed to iptables at startup (in the same
way /etc/rc2.d gets read in numeric order). So you could have files like
22ssh, 23ftp, etc. with iptable rules in each file. You could also have
an 'ENABLED' variable like some files in /etc/default have (so that
ports wouldn't be opened by default; the user would have to manually
enable them for the port to be opened).

Then they'd just run /etc/init.d/iptables restart and the port would be
opened (flush the rules, reapply).

Even a central iptables-save format file that gets passed to iptables at
startup would be nice. It's easy enough to do manually, but would be
nice to see integrated with Debian itself (packages managing their own
rules, etc.).

Is Debian ever going to introduce a better way of having iptables rules
be run at startup and easily saved/managed, or will this always be a
manual process?

Thanks!

-Will
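
The layout proposed in the post above, sketched as an added example that is not part of the original message and is not Debian's own tooling. The fragment format (an `ENABLED=yes` line followed by iptables-save style rule lines), the base ruleset and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed fragment format (not a Debian standard), e.g. 22ssh:
#   ENABLED=yes
#   -A INPUT -p tcp --dport 22 -j ACCEPT
RULES_DIR="${RULES_DIR:-/etc/security/iptables}"  # directory proposed in the post

# Print a complete iptables-restore ruleset for the filter table on stdout.
build_ruleset() {
    dir="$1"
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny for inbound traffic
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Glob results are sorted, so 22ssh is read before 23ftp (as in /etc/rc2.d).
    for f in "$dir"/[0-9][0-9]*; do
        [ -f "$f" ] || continue
        # Opt-in: without an explicit ENABLED=yes line the fragment opens nothing.
        grep -qx 'ENABLED=yes' "$f" || continue
        echo "# from $(basename "$f")"
        # Fragments may only append ACCEPT rules to INPUT; policy changes,
        # flushes and other tables are dropped so a package cannot weaken the base.
        grep -E '^-A INPUT .* -j ACCEPT$' "$f" || true
    done
    echo "COMMIT"
}

# Needs root. iptables-restore flushes the table before loading, which is
# the "flush the rules, reapply" step from the post.
apply_ruleset() {
    sysctl -w net.ipv4.tcp_syncookies=1   # the SYN cookie setting the post asks about
    build_ruleset "$RULES_DIR" | iptables-restore
}

case "${1:-}" in
    start|restart) apply_ruleset ;;
esac
```

Running `build_ruleset` against a directory prints the ruleset without touching the kernel, so the assembled result can be reviewed before `apply_ruleset` is run as root.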

