[ubuntu-hardened] ufw package integration
jdinkel at gmail.com
Thu Sep 4 16:58:26 BST 2008
On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <soren at ubuntu.com> wrote:
> On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> > I would say leave the ports open and leave the profile files. Leave
> > it up to the user to manage the firewall. If the package is removed,
> > it's not going to be listening on those ports any more anyway.
> If "not listening" was sufficient, there'd be little point in having a
> firewall in the first place, wouldn't there?
> Soren Hansen
Well, 'not listening' _should_ be sufficient, however I prefer (and suggest)
to use a firewall as an extra layer of protection. I must have been
mistaken, I did not realize we were debating the merits of a firewall, only
whether or not packages should automatically change firewall rules. Of
course, if I trusted packages to manage opening and closing their own
firewall rules, then I might as well trust them to listen or not on those
ports, so in that case then yes there would be little point in having a
firewall in the first place.
On Thu, Sep 4, 2008 at 10:02 AM, Cody A.W. Somerville <
cody-somerville at ubuntu.com> wrote:
> Why don't we just leave all ports open then? :P
> Cody A.W. Somerville <cody.somerville at canonical.com>
Well, for a long time that was the standard setup for Ubuntu. As I
mentioned above though, I would suggest using a firewall with all ports
blocked by default as an additional layer of protection.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-hardened