ZeroConf in Ubuntu Edgy
Krishna Sankar
ksankar at doubleclix.net
Tue Jul 4 03:56:05 BST 2006
Pardon me for dual posts, but wanted to capture it here as well, as it is
more relevant - have started a spec at
https://launchpad.net/distros/ubuntu/+spec/application-aware-firewall.
Let us collect our thoughts on what needs to be done and figure out a way to
do it. One thing we need is the set of interfaces and mechanisms as to how
Apple does it - essentials not a verbatim interface. We can figure out from
the ZeroConf specs as well.
Cheers
<k/>
> -----Original Message-----
> From: ubuntu-devel-bounces at lists.ubuntu.com
> [mailto:ubuntu-devel-bounces at lists.ubuntu.com] On Behalf Of
> Ivan Krstic
> Sent: Monday, July 03, 2006 6:08 PM
> To: Patrick McFarland
> Cc: Tobias Wolf; ubuntu-devel at lists.ubuntu.com
> Subject: Re: ZeroConf in Ubuntu Edgy
>
> Patrick McFarland wrote:
> > What about my earlier idea about packages adding rules to the Magic
> > Firewall App to allow users to manage apps, not ports? ("I want to
> > enable Apache! WTF is this port 80 shit? Yargh!")
>
> Earlier in the thread, I wrote: "At UBZ, we actually had a
> BOF about comprehensive (per-package) firewalling, which is
> where I'd really like us to go eventually, in addition to a
> pretty UI."
>
> This was discussed quite a while back. We want to get there,
> and recognize it as a good, albeit not complete, eventual solution.
>
> > Technically no, but not using an app in listen only mode because it
> > may be insecure is worse than using said app in listen only mode and
> > suffering the possible security bugs.
>
> No one is stopping users from enabling listening services,
> should they choose to do so. We do very little clobbering to
> make sure that the packages we install by default don't open
> ports by default; the "no open ports by default" policy has
> much more to do with not shipping things that open ports by
> default, than it does with removing or limiting server
> functionality from applications we do ship (such as with CUPS).
>
> > Well, a required thing is being able to set certain services to
> > certain profiles and zones. This is required. Also, being able to set
> > rules based on MAC is also required.
>
> I think I'll withdraw from the thread at this point. You seem
> very passionate about this; if you channeled the passion into
> getting your hands on an OS X machine, giving things like
> ZoneAlarm et al a spin on Windows, and writing up the
> results, you would find your input much more appreciated, and
> the results likely much more rewarding. I can understand not
> being able or willing to code, but there's no good reason you
> can't produce an excellent spec, other than not wanting to
> put in the time and effort.
>
> --
> Ivan Krstic <krstic at fas.harvard.edu> | GPG: 0x147C722D
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>