User-Friendly Firewalling [Re: ZeroConf in Ubuntu Edgy]
Forest Bond
forest at alittletooquiet.net
Tue Jul 4 03:07:36 BST 2006
On Mon, Jul 03, 2006 at 05:35:23PM -0700, Micah J. Cowan wrote:
> I believe that Windows Firewall is actually a very excellent model for
> a secure, user-friendly firewall interface. Pretty much everything is
> locked down by default, and when an attempt to connect to your machine
> that has not been explicitly authorized or blocked occurs, the system
> prompts you to authorize or deny the request/future such requests.
>
> I think a similar firewall system would be ideal for desktop Ubuntu.
> Unfortunately, I think trying to implement such a thing for Linux
> systems would be very difficult: it's just not the way that the kernel
> /thinks/ about such things. It's either allowed or rejected, there's not
> a way to mark patterns as "ask user". And even if there were a way to do
> that, how would the system "ask the user", especially when the windowing
> options are varied and optional? Ultimately, it would probably take a
> great deal of thought and work, and likely kernel modifications.

I don't think so. It's easy to have the kernel log packets that match rules.
Why can't you just have your UI software monitor the logs, or (don't know if
this part is possible) redirect those messages into a daemon that is queryable
via the system message bus (since we're all hip Gnome folks here)?

It may be worthwhile to examine the m0n0wall web interface. m0n0wall is a
firewall-in-a-box package based on FreeBSD, and the interface makes it quite
flexible:
http://m0n0.ch/wall/

-Forest
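
The log-monitoring idea in the message above, as an added example that is not part of the original post: it reads netfilter LOG-target lines and reduces them to one pending "allow or deny?" prompt per protocol and port, validating each field before it could reach a UI. The `ASKUSER: ` prefix, the iptables rule in the comment, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption (not in the original message): a rule such as
#   iptables -A INPUT -m state --state NEW -j LOG --log-prefix "ASKUSER: "
# sits ahead of the default-deny rule, so unmatched inbound attempts are logged.
LOG_PREFIX = "ASKUSER: "  # hypothetical prefix chosen for this example

# Constructed sample lines in the LOG target's KEY=value format (abbreviated).
SAMPLE_LOG = [
    "Jul  4 03:10:01 desk kernel: ASKUSER: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=4321 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0",
    "Jul  4 03:10:02 desk kernel: ASKUSER: IN=eth0 OUT= SRC=192.0.2.11 DST=224.0.0.251 LEN=73 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53",
    "Jul  4 03:10:05 desk kernel: ASKUSER: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=52 ID=977 DF PROTO=TCP SPT=51800 DPT=22 SYN URGP=0",
    "Jul  4 03:10:06 desk kernel: ASKUSER: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "Jul  4 03:10:07 desk kernel: eth0: link up",
]
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return (proto, dport, src) for a prefixed TCP/UDP line, else None."""
    _, found, rest = line.partition(LOG_PREFIX)
    if not found:
        return None
    fields = dict(FIELD_RE.findall(rest))
    try:
        # Log fields describe remote traffic: validate before any UI sees them.
        src = str(ipaddress.ip_address(fields["SRC"]))
        port = int(fields["DPT"])
    except (KeyError, ValueError):
        return None
    if fields.get("PROTO") not in ("TCP", "UDP") or not 0 < port < 65536:
        return None
    return fields["PROTO"].lower(), port, src

def pending_prompts(lines, decided=frozenset()):
    """Map each undecided (proto, dport) to the distinct sources that tried it."""
    pending = {}
    for line in lines:
        event = parse_line(line)
        if event is None or event[:2] in decided:
            continue
        sources = pending.setdefault(event[:2], [])
        if event[2] not in sources:
            sources.append(event[2])
    return pending

if __name__ == "__main__":
    for (proto, port), sources in pending_prompts(SAMPLE_LOG).items():
        print(f"Allow inbound {proto}/{port}? Seen from: {', '.join(sources)}")
```

A front end would pass the set of ports the user has already answered for as `decided`, so repeated attempts do not raise a second prompt.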
More information about the ubuntu-devel mailing list