Pascal Hambourg wrote:
> On 21/09/2018 at 19:09, Dan Ritter wrote:
>>
>> Let's suppose Debian installs a basic firewall by default. How
>> basic? Let's say:
>>
>> - outbound: permit
>> - forward: deny
>> - inbound: accept NTP, DHCP, DNS, and any TCP packet which is a
>> response to an outbound packet
>
> Why should unsolicited NTP, DHCP and DNS inbound packets be allowed ?

In my case, the box is running as a server for those protocols. Though, Gene (or others) may do things differently.

NOTE - I only listen for unsolicited requests on the LAN for those. Only stuff on the internet is SSH and SMTP.

> Why should only TCP inbound responses be allowed ? What about UDP-based
> protocols, ping replies (ICMP echo reply), ICMP error messages, and so on ?

DNS is UDP (er, by default; though it can use TCP).

ICMP echo would most likely fall under the "response to something outbound".

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
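As an added illustration, not part of this thread, here is a stateful nftables ruleset for the default policy discussed above (outbound permit, forward deny, LAN-only NTP/DHCP/DNS listeners, SSH/SMTP from anywhere). It answers the "why only TCP responses" objection by accepting replies through conntrack, which covers UDP answers, ICMP echo replies and ICMP errors alike. The interface name and LAN prefix are assumed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful default firewall for a host that serves DNS/NTP/DHCP
# to its LAN and SSH/SMTP to the internet. Interface and prefix are assumptions.
define lan_if = "eth1"
define lan_net = 192.168.1.0/24

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback traffic is always accepted.
        iif "lo" accept

        # Replies to anything this host initiated, regardless of protocol:
        # TCP, UDP (e.g. DNS answers), ICMP echo replies, and ICMP errors
        # that conntrack ties to an existing flow.
        ct state established,related accept

        # Packets that do not belong to any known flow.
        ct state invalid drop

        # ICMP/ICMPv6 the host must see even when unsolicited (PMTU, ND).
        icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Unsolicited service requests only from the LAN side.
        # DHCP DISCOVER arrives with source 0.0.0.0, so match on interface only.
        iifname $lan_if udp dport 67 accept
        iifname $lan_if ip saddr $lan_net udp dport { 53, 123 } accept
        iifname $lan_if ip saddr $lan_net tcp dport 53 accept

        # Internet-facing services: SSH and SMTP.
        tcp dport { 22, 25 } ct state new accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load with `nft -f` and inspect with `nft list ruleset`; the `established,related` line is what makes the policy protocol-agnostic instead of TCP-only.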