ZeroConf in Ubuntu Edgy
Chris Jones
cmsj at tenshu.net
Tue Jul 4 11:00:02 BST 2006
Hi
On 1:29:48 am 04/07/2006 Ivan Krstic <krstic at fas.harvard.edu> wrote:
> system administration are notoriously difficult to write. A proper
> firewall management tool falls into this category.
People using Zeroconf seem very likely to be desktop users, so they seem
unlikely to need a "proper" firewall management tool, just something to
unblock listening services in a pretty and intuitive way.
Anything interactive (e.g. stuffing packets that match "-m state --state
NEW") up to userspace for approval every time a new program/host is
encountered is just going to (as has been pointed out) lead to lots of
clicking "Ok" and very little reading/understanding.
Instead, a simple list could be displayed by a tool in System->Administration, of currently listening services, which will always default to being blocked until a little tick is clicked and they go green and an iptables rule is added. There's no need to block outgoing traffic and no need to offer the full functionality of iptables.
Perhaps a more complex tool should be written for the server end of things,
but I won't comment on that because I happen to think that server admins
should know what they are doing ;)
Cheers,
---
Chris Jones
cmsj at tenshu.net
www.tenshu.net
More information about the ubuntu-devel
mailing list