ZeroConf in Ubuntu Edgy
towolf at gmail.com
Tue Jul 4 14:03:46 BST 2006
On Tuesday, 04.07.2006, at 11:00 +0100, Chris Jones wrote:
> Instead, a simple list could be displayed by a tool in System->Administration, of currently listening services, which will always default to being blocked until a little tick is clicked and they go green and an iptables rule is added. There's no need to block outgoing traffic and no need to offer the full functionality of iptables.
And once outgoing traffic is not dealt with (why should it, there’s
likely no malware to justify that) the UI’s complexity wouldn’t be too
demanding. A Linux distribution has an entirely different networking
context to deal with compared to the likes of Zone Alarm.
So, I like your scenario. Perhaps packages could drop some snippet into,
e.g., /etc/firewall.d just like other packages drop stuff into
bash_completion.d. These snippets would map the potentially cryptic
processes listening on ports to the applications.
Something like NM could provide a notion of zones, such that the service
config could have dual trusted/untrusted toggles (I even think it was
discussed to make NM ARP-aware for static IP configs, i.e., it could
determine a network's identity).