ZeroConf in Ubuntu Edgy
Daniel Pittman
daniel at rimspace.net
Mon Jul 3 02:09:47 BST 2006

Matt Zimmerman <mdz at ubuntu.com> writes:
> On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
>> On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
>> > Ubuntu has a no-open-ports by-default policy, which means that any
>> > mDNS/DNS-SD based discovery cannot be enabled by default.
>>
>> How about a semi-closed policy? I.e. having an iptables configuration
>> that is a bit more trusting of private networks.
>
> That's an interesting idea. But are enough ISPs and corporate networks
> doing proper filtering these days for that to be safe?

I would strongly advise against a policy that assumes private IP ranges
are somehow safer than public IP ranges. Around five percent of my
clients, here in .au, are supplied an IP from a private range that can
communicate directly with the Internet[1].

At the very least your system would be assuming that the rest of the ISP
is trustworthy, if not the entire Internet.

Regards,
Daniel

Footnotes:
[1] For some values of, including through the UPnP protocol for opening
Internet facing ports.
--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
http://digital-infrastructure.com.au/