On Wed, 14 Oct 2015 19:22:56 +0200 Juergen Daubert wrote:
Are there any plans to add somewhere a iptables script with the chains (and/or policies) defaulting to DROP, or at least for the INPUT chain?
Not yet. Let's see if we get some ideas from our users ;)
Update: after a short IRC discussion we decided to let users set up their own iptables config (or none if they prefer).
Imho, shipping ipv4/ip6 iptables script, with reasonable defaults and off by default , wouldn't be against Crux KISS/DIY principles. I know Crux is for advanced users, but iptables-{v4,v6}.example files, with iptables.init in rc.d already installed can hardly be considered hand-holding :) With the BIG FAT WARNING to customise as needed enclosed, it would give users a starting point. Just my 0.2RSD Pedja