ZeroConf in Ubuntu Edgy

Daniel Pittman daniel at
Mon Jul 3 02:09:47 BST 2006

Matt Zimmerman <mdz at> writes:
> On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
>> On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
>> > Ubuntu has a no-open-ports by-default policy, which means that any
>> > mDNS/DNS-SD based discovery cannot be enabled by default.
>> How about a semi-closed policy? I.e. having an iptables configuration
>> that is a bit more trusting of private networks.
> That's an interesting idea.  But are enough ISPs and corporate networks
> doing proper filtering these days for that to be safe?

I would strongly advise against a policy that assumes private IP ranges
are somehow safer than public IP ranges.  Around five percent of my
clients, here in .au, are supplied an IP from a private range that can
communicate directly with the Internet[1].

At the very least your system would be assuming that the rest of the ISP
is trustworthy, if not the entire Internet.


[1]  For some values of, including through the UPnP protocol for opening
     Internet facing ports.

Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707        email: contact at
