User-Friendly Firewalling [Re: ZeroConf in Ubuntu Edgy]
Chris Jones
cmsj at tenshu.net
Tue Jul 4 17:10:44 BST 2006
Hi
On 11:40:57 am 04/07/2006 Patrick McFarland <diablod3 at gmail.com> wrote:
> No no no! This is a bad idea! Firewall has to be a system wide thing
> that affects all users. (i.e., the Firewall's config panel appears in
> System->Administration).
Firewalls don't necessarily have to be system-wide, nor do they necessarily
have to affect all users.
Having said that, the interactive, per-user model is really better suited
to outgoing traffic, which is only a problem if you can't trust the
software running on your machine (i.e. this doesn't really apply to Ubuntu
and is something of a hindrance to users, who typically don't know or care
what something is, just that it works without bothering them). In that
scenario it would be pretty easy to only ask the user running the
process that generated the packets by handing the SYN request up to
userspace for approval.
From a desktop user perspective, the only thing they need to care about is
that the listening services they have installed can be accessed from where
they want them to be, which does not require a complex UI or huge numbers
of netfilter rules.
Cheers,
---
Chris Jones
cmsj at tenshu.net
www.tenshu.net
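
The per-user prompt described in the message depends on knowing which user owns the connection attempt. The following is an added example, not part of the original message or of any Ubuntu code: on Linux, a half-open outbound connection and its owning UID can be read from a table in the `/proc/net/tcp` layout. The sample table and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (not from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 0A6433C6:01BB 02 00000001:00000000 01:00000064 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:C351 0A6433C6:0050 01 00000000:00000000 00:00000000 00000000  1001        0 33333 1 0000000000000000 100 0 0 10 0
"""

SYN_SENT = 0x02  # TCP state code: SYN sent, handshake not yet completed


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port).

    Assumes a little-endian host, where the kernel prints the
    network-order IPv4 address byte-swapped.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def pending_outbound(table_text):
    """Return one record per socket in SYN_SENT, including the owning UID."""
    pending = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue  # malformed or truncated row
        if int(cols[3], 16) != SYN_SENT:
            continue  # listening or established sockets need no prompt
        pending.append({
            "uid": int(cols[7]),  # the user an approval prompt would go to
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "inode": int(cols[9]),
        })
    return pending


if __name__ == "__main__":
    for conn in pending_outbound(SAMPLE_PROC_NET_TCP):
        print(conn)
```
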