[ubuntu-hardened] ufw package integration
Soren Hansen
soren at ubuntu.com
Fri Sep 5 07:38:02 BST 2008
On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:
> Not listening is sufficient - that is the point.
> Having a firewall that is automatically updated as packages are installed is
> dangerous. This is similar to UPnP and not the right way to do security.
>
> By having all packages automatically update the firewall - you may as well
> not have a firewall.
>
> Just because an HTTP server is installed it doesn't mean that it should be
> accessible. The decision to open the firewall should be a separate action.
>
> Often packages get installed that are only intended to be accessed via a
> single interface on machines with multiple interfaces or via localhost ONLY.
>
> It really defeats the purpose of having a firewall if the ports are opened
> automatically.
Unless I'm much mistaken here, all that's being discussed is *closing*
ports when you uninstall the package that "owned" the ports in question.
--
Soren Hansen |
Virtualisation specialist | Ubuntu Server Team
Canonical Ltd. | http://www.ubuntu.com/