morning thoughts on firewall
sivan at piware.de
Tue Dec 21 11:26:18 CST 2004
From what I see here the problem is not in the technical, but more in
the educational regard of the system. We should tell people and explain
to them thorughly, maybe in some sort of a howto or a guide why they
_don't_ need a firewall in ubuntu.
Oliver Grawert wrote:
>Am Dienstag, den 21.12.2004, 10:08 +0100 schrieb Marco Bonetti:
>>Last time I help to install an ubuntu on friends' computers I was
>>asked about the presence of a firewall.
>>I answered as in the faq: "there is a firewall, but it isn't
>>configured because you do not need it", my friend was a bit surprised
>>and he pointed out that os x and windows have a configured firewall.
>>Maybe adding a default and simple firewall configuration will be more
>>interesting for new users: probably they don't care about the rules,
>>but they surely care about the presence or not of them.
>what for ? there are no open ports at all, in a default ubuntu install a
>firewall is simply not needed. the only way to open ports is to install
>any server software which will open the port that it needs. this setup
>is much safer then any misconfigured (because the user doensn't (and
>shouldnt) know about it) firewall.
>>Then another 2 problems came up: what to do when the user installs
>>some kind of service or wants to work out a custom policy?
>>Maybe init.d scripts could be modified to open their needed ports when
>>"start" is called and iptables could be linked, so chmodding +x/-x the
>>link will enable/disable this "automagic" stuff.
>all configuration files for the server software is found in /etc, you
>normally can adjust all the settings for a single service there, no need
>to modify the startup scripts.
More information about the ubuntu-devel