<div dir="ltr">Should package integration be disabled by default? I know a lot of Linux people who are a little unsettled by how much Ubuntu attempts to automate things, without users' control or knowledge. Not all those arguments hold water, but if a firewall were opening and closing ports on a system without the admin's express, explicit consent, it  could quickly drive away the users this could benefit.<br> <br>As the disclaimer goes with EVERY post I make to the MLs here: I am not an expert, and I am not an active developer here. I am asking that it be considered, if it hasn't already, that package integration be an optional, if not disabled-by-default, feature. Let the admin know (with confirmation) that package integration is on, and that the OS will attempt to "inetlligently" (emphasis on quotes) adjust firewall settings based on installed programs.<br> <br>It could be argued that if someone wants full control over their firewall they could just use iptables, but meh.<br><br><div class="gmail_quote">On Thu, Sep 4, 2008 at 10:58 AM, James Dinkel <span dir="ltr"><<a href="mailto:jdinkel@gmail.com">jdinkel@gmail.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div dir="ltr"><div class="Ih2E3d">On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <span dir="ltr"><<a href="mailto:soren@ubuntu.com" target="_blank">soren@ubuntu.com</a>></span> wrote:<br> </div><div class="gmail_quote"><div class="Ih2E3d"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div>On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:<br> > I would say leave the ports open and leave the profile files.  Leave<br> > it up to the user to manage the firewall.  If the package is removed,<br> > it's not going to be listening on those ports any more anyway.<br> <br> </div>If "not listening" was sufficient, there'd be little point in having a<br> firewall in the first place, wouldn't there?<br> <font color="#888888"><br> --<br> Soren Hansen</font></blockquote></div><div><br>Well, 'not listening' _should_ be sufficient, however I prefer (and suggest) to use a firewall as an extra layer of protection.  I must have been mistaken, I did not realize we were debating the merits of a firewall, only whether or not packages should automatically change firewall rules.  Of course, if I trusted packages to manage opening and closing their own firewall rules, then I might as well trust them to listen or not on those ports, so in that case then yes there would be little point in having a firewall in the first place.<br> <br>James<br></div></div><br><div class="gmail_quote"><div class="Ih2E3d">On Thu, Sep 4, 2008 at 10:02 AM, Cody A.W. Somerville <span dir="ltr"><<a href="mailto:cody-somerville@ubuntu.com" target="_blank">cody-somerville@ubuntu.com</a>></span> wrote:<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div dir="ltr"><div class="Ih2E3d"><div class="gmail_quote"><br><div>Why don't we just leave all ports open then? :P<br clear="all"> </div></div><br></div>-- <br>Cody A.W. Somerville<a href="mailto:cody.somerville@canonical.com" target="_blank"></a><br> </div> </blockquote></div><br><br>Well, for a long time that was the standard setup for Ubuntu.  As I mentioned above though, I would suggest using a firewall with all ports blocked by default as an additional layer of protection.<br> </div> <br>--<br> ubuntu-server mailing list<br> <a href="mailto:ubuntu-server@lists.ubuntu.com">ubuntu-server@lists.ubuntu.com</a><br> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br> More info: <a href="https://wiki.ubuntu.com/ServerTeam" target="_blank">https://wiki.ubuntu.com/ServerTeam</a><br></blockquote></div><br><br clear="all"><br>-- <br>Luke L.<br> </div>