ufw package integration
James Dinkel
jdinkel at gmail.com
Thu Sep 4 15:58:26 UTC 2008
On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <soren at ubuntu.com> wrote:
> On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> > I would say leave the ports open and leave the profile files. Leave
> > it up to the user to manage the firewall. If the package is removed,
> > it's not going to be listening on those ports any more anyway.
>
> If "not listening" was sufficient, there'd be little point in having a
> firewall in the first place, wouldn't there?
>
> --
> Soren Hansen
Well, 'not listening' _should_ be sufficient, however I prefer (and suggest)
to use a firewall as an extra layer of protection. I must have been
mistaken, I did not realize we were debating the merits of a firewall, only
whether or not packages should automatically change firewall rules. Of
course, if I trusted packages to manage opening and closing their own
firewall rules, then I might as well trust them to listen or not on those
ports, so in that case then yes there would be little point in having a
firewall in the first place.
James
On Thu, Sep 4, 2008 at 10:02 AM, Cody A.W. Somerville <
cody-somerville at ubuntu.com> wrote:
>
> Why don't we just leave all ports open then? :P
>
> --
> Cody A.W. Somerville <cody.somerville at canonical.com>
>
Well, for a long time that was the standard setup for Ubuntu. As I
mentioned above though, I would suggest using a firewall with all ports
blocked by default as an additional layer of protection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080904/d9beb4f5/attachment.html>
More information about the ubuntu-server
mailing list