ZeroConf in Ubuntu Edgy
Scott Dier
dieman at ringworld.org
Tue Jul 4 00:38:03 BST 2006
Tobias Wolf wrote:
> In that case the Ubuntu target audience is clearly of limited scope.
> Just at the Howto instructions on the forums. You’ll find a port opening
> fest. Should they all go elsewhere instead? Or should they get hacking
> iptables by hand if they really want to open ports?
It's not just a matter of 'fire up a firewall, that fixes the problem'.
Nomadic machines do not currently have a great way of saying what
networks are 'trusted' and which ones are not. Adding another option to
nm sounds like a great idea, but how do I explain it to a user? How do
they know what they are enabling/disabling per network? What services
should be triggered on/off with this switch and should a pile of network
services be handled by an alternate method than init rather than using a
firewall? How do you configure it so these services can still be
operated without this special service on 'server' machines, too? How
does it work when someone has 2 interfaces up, one to a local net
(trusted) and one to a WAN (untrusted) (i.e., GPRS and Ethernet to a
customer site)? There isn't a great way to tell iptables that an
interface is in a specific profile, so all this stuff would need to be
changed on the fly with the iptables route.
I think it needs a lot of serious discussion to develop it into a spec
first.
Thanks,
--
Scott Dier <dieman at ringworld.org>