morning thoughts on firewall

Matt Zimmerman mdz at
Thu Dec 23 17:30:04 CST 2004

On Tue, Dec 21, 2004 at 10:08:32AM +0100, Marco Bonetti wrote:

> Last time I helped to install Ubuntu on friends' computers I was
> asked about the presence of a firewall.
> I answered as in the FAQ: "there is a firewall, but it isn't
> configured because you do not need it". My friend was a bit surprised
> and he pointed out that OS X and Windows have a configured firewall.

The reason that Ubuntu doesn't install a firewall by default is because
there is not yet a firewall application that we feel is mature and
featureful enough for this role.

A firewall application is a high-level, user-visible component of the system
which manages the configuration of the packet filtering functionality in the
kernel (netfilter).  While the underlying functionality needed for a
firewall is robust and mature, there is rather a lack of truly supportable
solutions for configuring it.

> Then another 2 problems came up: what to do when the user installs some
> kind of service or wants to work out a custom policy?  Maybe init.d
> scripts could be modified to open their needed ports when "start" is
> called and iptables could be linked, so chmodding +x/-x the link will
> enable/disable this "automagic" stuff.

This is the sort of thing which would be handled by a firewall application.

 - mdz

More information about the ubuntu-devel mailing list