User-Friendly Firewalling [Re: ZeroConf in Ubuntu Edgy]

Chris Jones cmsj at tenshu.net
Thu Jul 6 10:38:17 BST 2006


Hi

On 8:57:56 am 06/07/2006 Matthew Paul Thomas <mpt at canonical.com> wrote:
> By all means have a Firewall Settings window with a list of
> applications to allow/block, but please don't expect people to make
> useful decisions on-the-fly.

It occurs to me that (ok so it's a bit too late for this, but) it would be
better to figure out exactly what firewalling implications exist before
indulging in lots of well thought out, but possibly superfluous discussion
about how it should be handled.

I'm struggling to think of very many situations where an on-the-fly
question is necessary at all. I already suggested in another part of the
thread that there be a simple admin tool for allowing remote access to
system level services (it could even offer two levels of access, LAN and
Everyone).
Windows Firewall has to bother the user with questions because it is not
possible to trust applications on a current-generation Windows machine not
to be malware. An Ubuntu machine has (at the moment) almost no need for
this; outgoing traffic can be assumed to be trustworthy, so the only
situation that calls for an on-the-fly prompt is a user application that
wants to listen on some ports (e.g. BitTorrent). One could therefore argue
that it is the responsibility of those programs to ask the user if they
want to participate in that portion of their functionality and the default
Ubuntu firewall can allow high listening ports because applications will be
selective about using them.
How often does this happen? P2P has to be the vast majority of it and that
almost always has risky connotations associated with it anyway. Presumably
VoIP-type things may need these features, but since a good number of people
are on NAT'd connections, they must presumably offer alternatives.

So, what are you all actually expecting to need to be asked about?

Cheers,
---
Chris Jones
  cmsj at tenshu.net
  www.tenshu.net



