most linux server distributions come without a firewall installed/activated. does this default mean it's linux' fault when users do not setup a firewall?
Well, it's hard for a Linux server distribution to not come with a firewall installed, since it's part of the kernel; all Linux distributions I've seen (including tiny floppy-disk-based Linux distributions) come with the firewall module enabled in the kernel configuration.
As for being activated: my recent experience with is mostly with RedHat-derived Linux server distributions (like CentOS), and they do come with the firewall enabled (which more than once made things not work until we noticed it was the firewall again). That didn't use to be the case in the distant past, however.
At least a little? That's extremely hostile behavior to new users. I could see not shipping a lot of these things for a highly optimized server version etc. For a standard end user (and let's be honest, middle/large company IT dept guy), you should put some sane defaults in place.
Another part about the firewall is that without profiling, it's pretty hard to make a good firewall that allows "good traffic" and denies the "bad". It takes a good amount of profiling and being a firewall admin.
And for a house, thats kind of overkill for the general network. Sure, set up a restricted wifi for IoT crap, but having to fiddle with it daily is NOT acceptable.
thats is one of the reasons i think its not smart to automatically start some services per default after package install on Debian. I guess its justified by having sane default service configurations but its still a bad idea in my opinion.
As for being activated: my recent experience with is mostly with RedHat-derived Linux server distributions (like CentOS), and they do come with the firewall enabled (which more than once made things not work until we noticed it was the firewall again). That didn't use to be the case in the distant past, however.