ufw package integration

Soren Hansen soren at ubuntu.com
Fri Sep 5 07:38:02 BST 2008

On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:
> Not listening is sufficient - that is the point
> Having a firewall that is automatically updated as packages are installed is
> dangerous.  This is similar to UPnP and not the right way to do security
> By having all packages automatically update the firewall - you may as well
> not have a firewall
> Just because a HTTP server is installed it doesn't mean that it should be
> accessible.  The decision to open the firewall should be a separate action
> Often packages get installed that are only intended to be accessed via a
> single interface on machines with multiple interfaces or via local host ONLY
> It really defeats the purpose of having a firewall if the ports are opened
> automatically

Unless I'm much mistaken here, all that's being discussed is *closing*
ports when you uninstall the package that "owned" the ports in question.

Soren Hansen               | 
Virtualisation specialist  | Ubuntu Server Team
Canonical Ltd.             | http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080905/07fafc42/attachment.pgp 

More information about the ubuntu-devel mailing list