Hi folks,
Am Di den 6. Dez 2016 um 0:07 schrieb Daniel Reurich:
> On 06/12/16 05:50, Lars Noodén wrote:
> > Where should we be commending the storage of iptables rules in Devuan
> > Jessie?
>
> There should not be a default location. It should be left to each
> firewall application to define. This is particularly important as
> iptables has a competitor in nftables and likely to be deprecated at
> some point so we can't guarantee into the future that iptables will
> always exist.
Well, I think, there should be an advice.
Historical I use /var/lib/iptables. But that is only great when using
dynamic iptables. Present days I do them manually so /etc/something
might be better.
> Generally a well setup Linux system has no network connectable services
> running that aren't intended to be, in which case it's relatively
> resistant to hacking attempts. This means firewall in a well secured
> network is generally not necessary or desirable. The only instance I'd
> consider a workstation firewall is a laptop connecting to untrusted
> networks regularly.
Well, except avahi, cups, samba, ntp, rpcbind and some other bad
designed tools that default listen on 0.0.0.0 and that are pulled in
with a common linux desktop installation.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C