ufw package integration

James Dinkel jdinkel at gmail.com
Thu Sep 4 16:58:26 BST 2008

On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <soren at ubuntu.com> wrote:

> On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> > I would say leave the ports open and leave the profile files.  Leave
> > it up to the user to manage the firewall.  If the package is removed,
> > it's not going to be listening on those ports any more anyway.
> If "not listening" was sufficient, there'd be little point in having a
> firewall in the first place, wouldn't there?
> --
> Soren Hansen

Well, 'not listening' _should_ be sufficient, however I prefer (and suggest)
to use a firewall as an extra layer of protection.  I must have been
mistaken, I did not realize we were debating the merits of a firewall, only
whether or not packages should automatically change firewall rules.  Of
course, if I trusted packages to manage opening and closing their own
firewall rules, then I might as well trust them to listen or not on those
ports, so in that case then yes there would be little point in having a
firewall in the first place.


On Thu, Sep 4, 2008 at 10:02 AM, Cody A.W. Somerville <
cody-somerville at ubuntu.com> wrote:

> Why don't we just leave all ports open then? :P
> --
> Cody A.W. Somerville <cody.somerville at canonical.com>

Well, for a long time that was the standard setup for Ubuntu.  As I
mentioned above though, I would suggest using a firewall with all ports
blocked by default as an additional layer of protection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080904/d9beb4f5/attachment-0001.htm 

More information about the ubuntu-devel mailing list