<div dir="ltr">(Sorry for the top post, as Gmail seems to be used to it...)<br><div class="gmail_quote"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:<br>
> Not listening is sufficient - that is the point<br>
> Having a firewall that is automatically updated as packages are installed is<br>
> dangerous. This is similar to UPnP and not the right way to do security<br>
><br>
> By having all packages automatically update the firewall - you may as well<br>
> not have a firewall<br>
><br>
> Just because a HTTP server is installed it doesn't mean that it should be<br>
> accessible. The decision to open the firewall should be a separate action<br>
><br>
> Often packages get installed that are only intended to be accessed via a<br>
> single interface on machines with multiple interfaces or via local host ONLY<br>
><br>
> It really defeats the purpose of having a firewall if the ports are opened<br>
automatically</div></blockquote><div><br>Hum, no. From what I understand, ufw allows different application policies for package integration. The default policy is SKIP[1], so no rules are automatically added to the firewall. You can set it to ALLOW or DENY to automatically add rules to your firewall when installing a package.<br>
<br>My tests when working on adding ufw integration to various packages confirmed that.<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
</div>Unless I'm much mistaken here, all that's being discussed is *closing*<br>
ports when you uninstall the package that "owned" the ports in question.<br>
<div><div></div><div class="Wj3C7c"><br>
</div></div></blockquote></div><br>Yes, the subject has diverged. Now that the previous point is - I think - solved, let's go on to the closing-port question when removing/purging a package.<br><br>Didier<br><br>[1] <a href="https://wiki.ubuntu.com/UbuntuFirewall#Package%20Integration">https://wiki.ubuntu.com/UbuntuFirewall#Package%20Integration</a><br>
</div>