On Wed, Oct 14, 2015 at 11:31:34AM +0200, Juergen Daubert wrote:
On Wed, Oct 14, 2015 at 02:57:33AM +0200, Jose V Beneyto wrote:
[...]
Another thing I would like to comment is about the fact that tcp_wrappers was removed. I've never needed to use tcp wrappers but I have to admit I do not want to lose the protection they provided. So with tcp_wrappers, by default in CRUX is to deny all TCP traffic.
But only for services that works with libwrap, which are only a few. Lately libwrap support got removed from openssh, I guess other will follow.
Are there any plans to add somewhere a iptables script with the chains (and/or policies) defaulting to DROP, or at least for the INPUT chain?
Not yet. Let's see if we get some ideas from our users ;)
Update: after a short IRC discussion we decided to let users set up their own iptables config (or none if they prefer). Greetings Juergen