Hi,


I'm intrigued by the Aeon project, but the choice of not installing a firewall
by default worries me. I know I can enable the firewall pattern in the
installer, or install it later on with `transactional-update package install
firewalld`. And that works fine.

But not having it there in a default installation opens up certain attack
vectors in my opinion. I've read some reasoning about this on online platforms,
such as that a firewall is not needed or would mess up container setups. I'm
not so sure if I agree to the point of not including a firewall by default. If
it's in the way for a user that wants to do something "special", then that user
can disable/modify the firewall. But by default it would make sense to have the
protection of a firewall.

I didn't open this issue to debate it, but to understand the reasoning better.
Maybe I'm wrong, that's also possible. Then this would be a nice reference
point for future questions.

On the firewalld page it mentions compatibility with Podman and Docker
(iptables only):

> Applications and libraries which support firewalld as a firewall management tool include:
> 
>    NetworkManager
>    libvirt
>    podman
>    docker (iptables backend only)
>    fail2ban

I also host a Discourse forum on Debian for a couple of years, which runs in a
Docker container, with firewalld enabled. I have not encountered issues so far.
It of course depends on the use case of when issues may arise with firewalld.
But this is an example of when the firewall would not be an issue and is good
to have it around as a layer of protection. One of many layers, as security
should be applied. If one layer fails, there is another one to protect the
data.