[Nix-dev] Enabling CUPS unconditionally allows UDP/631 on the firewall

Eelco Dolstra eelco.dolstra at logicblox.com
Wed Nov 13 11:47:32 CET 2013


Hi,

On 12/11/13 21:28, Peter Simons wrote:

>  > Running sshd without port 22 open doesn't make much sense.
> 
> well, I know at least one person who has a locally running SSH daemon
> for no reason other than being able to use "ssh root@localhost" as a
> fancy replacement for sudo. For that use case, it's not necessary (nor
> desirable) to have the firewall enable access from the outside world.

Yes, there is always some crazy exception :-)

> Personally, I would argue that no service should open up ports in the
> firewall, ever. Only the administrator should do that.

Well, only the administrator can enable the sshd service, anyway.  The question
is whether it's reasonable to expect that enabling sshd also opens port 22.

Also, I've been wanting to enable the firewall by default in NixOS for a while
(https://github.com/NixOS/nixos/issues/55) and disabling port 22 would lock out
people who have sshd enabled without having port 22 opened explicitly in their
configuration.nix.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

