[Bug 261698] Re: Please add UFW profile integration with postfix

Jamie Strandboge jamie at ubuntu.com
Wed Aug 27 13:38:02 BST 2008


Package integration for ufw was discussed in UDS Prague, and you can
read about ufw's application integration in
https://wiki.ubuntu.com/UbuntuFirewall. The basic idea is this:

1. a package declares profiles to ufw by putting them in a file in /etc/ufw/applications.d (*). There should only be a limited number of common profiles from which the user can choose. Eg, a webserver might open port 80, port 443 or both.
2. the postinst of this package runs 'ufw app update --add-new <profile>', where <profile> is a profile which declares the ports that the application is listening on after installation (perhaps this is decided via debconf logic, perhaps not).

'ufw app update --add-new <profile>' will *not* open up any ports in the
firewall unless the administrator has changed the default application
policy.  The above command does nothing if ufw is disabled.  An
administrator need not use application profiles at all, so if he/she
wants to use port 2525 for postfix, then he/she can add a rule like 'ufw
allow 2525/tcp' just like always. Please see
https://wiki.ubuntu.com/UbuntuFirewall and 'man ufw' for details.

(*) I am actually going to change this to /etc/firewall.d for easier
inclusion into Debian

-- 
Please add UFW profile integration with postfix
https://bugs.launchpad.net/bugs/261698
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in ubuntu.



More information about the Ubuntu-server-bugs mailing list