ZeroConf in Ubuntu Edgy
daniel at rimspace.net
Mon Jul 3 02:09:47 BST 2006
Matt Zimmerman <mdz at ubuntu.com> writes:
> On Wed, Jun 28, 2006 at 10:47:58PM +0200, John Nilsson wrote:
>> On Fri, 2006-06-23 at 09:15 +0800, Trent Lloyd wrote:
>> > Ubuntu has a no-open-ports by-default policy, which means that any
>> > mDNS/DNS-SD based discovery cannot be enabled by default.
>> How about a semi-closed policy? I.e. having a iptables configuration
>> that is a bit more trusting of private networks.
> That's an interesting idea. But are enough ISPs and corporate networks
> doing proper filtering these days for that to be safe?
I would strongly advise against a policy that assumes private IP ranges
are somehow safer than public IP ranges. Around five percent of my
clients, here in .au, are supplied an IP from a private range that can
communicate directly with the Internet.
At the very least your system would be assuming that the rest of the ISP
is trustworthy, if not the entire Internet.
 For some values of, including through the UPnP protocol for opening
Internet facing ports.
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
More information about the ubuntu-devel