morning thoughts on firewall

Oliver Grawert hostmaster at grawert.net
Tue Dec 21 03:22:51 CST 2004


hi,
On Tuesday, 21.12.2004, at 10:08 +0100, Marco Bonetti wrote:
> hi!
> Last time I helped to install an ubuntu on friends' computers I was
> asked about the presence of a firewall.
> I answered as in the faq: "there is a firewall, but it isn't
> configured because you do not need it", my friend was a bit surprised
> and he pointed out that os x and windows have a configured firewall.
> 
> Maybe adding a default and simple firewall configuration will be more
> interesting for new users: probably they don't care about the rules,
> but they surely care about the presence or not of them.
what for? there are no open ports at all, in a default ubuntu install a
firewall is simply not needed. the only way to open ports is to install
any server software which will open the port that it needs. this setup
is much safer than any misconfigured (because the user doesn't (and
shouldn't) know about it) firewall.

> Then another 2 problems came up: what to do when the user installs
> some kind of service or wants to work out a custom policy?
> Maybe init.d scripts could be modified to open their needed ports when
> "start" is called and iptables could be linked, so chmodding +x/-x the
> link will enable/disable this "automagic" stuff.
all configuration files for the server software are found in /etc, you
normally can adjust all the settings for a single service there, no need
to modify the startup scripts.

ciao
	oli


-- 
got ubuntu ? --------------> GET UBUNTU !!!
http://www.ubuntulinux.org/
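
The claim in the message above, that a default install exposes no open ports, can be checked directly. As an added example (not part of the original message), this Python script reads the Linux `/proc/net/tcp` table and reports TCP sockets in LISTEN state that are bound to a non-loopback address. The sample table is constructed, a little-endian host is assumed, and IPv6 (`/proc/net/tcp6`) and UDP are not covered.

```python
import ipaddress
import struct

TCP_LISTEN = 0x0A  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# a loopback-only listener on 631, a wildcard listener on 22, and one
# established outbound connection that must not be reported.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00000A:8F2C 5DB8D822:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
"""


def decode_ipv4(hex_addr):
    """Decode the kernel's hex address (host byte order, assumed little-endian)."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(table_text):
    """Return (IPv4Address, port) for every row in LISTEN state."""
    result = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        result.append((decode_ipv4(addr_hex), int(port_hex, 16)))
    return result


def exposed_sockets(table_text):
    """Listeners reachable from other hosts, i.e. not bound to 127.0.0.0/8."""
    return [(str(addr), port)
            for addr, port in listening_sockets(table_text)
            if not addr.is_loopback]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    for addr, port in exposed_sockets(text):
        print(f"reachable listener: {addr}:{port}")
```

An empty result means nothing is accepting TCP connections from the network over IPv4, which is the condition the reply relies on.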