firewall?

[Stuart Bishop]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rob Weir wrote:
| On Fri, Oct 01, 2004 at 03:27:49AM +0200, Emil Oppeln-Bronikowski said
|
|>>What would it actually *do*?  There are no services listening on
|>>external interfaces by default.
|>
|> Blocks all incoming tarffic. Not the smartest firewall. ;-) But it's
|>not XP mailing list, let's go back on the subject of Ubuntu.
|
|
| Well, I was wondering what the people who want a firewall on Ubuntu want
| it to do...there's no ports open to block, so all it could really do is
| sit there looking suave.

Sitting there looking suave is one important function - its a perception
thing. It also provides a nice central place to see and configure what
happens when stuff is installed that is *not* part of the default
install. eg. After you install Apache, it would be trivial to stop it
listening on your Internet network interface rather than the current
process of learning enough about Apache to configure it and explicitly
binding it to the correct interfaces. And hopefully you got it right and
didn't accidently leave the SSL interface running.

In the XP firewall, when an application wants to open ports a dialog is
popped up informing the user and allowing them to approve or deny it. In
Ubuntu it would even be possible to do this securely, as the logged in
user is not running with Administrator level priviledges which is the
case on the bulk of XP installs.

- --
Stuart Bishop <stuart.bishop at canonical.com>   http://www.canonical.com/
Canonical Ltd.                              http://www.ubuntulinux.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBX8Y7AfqZj7rGN0oRAqSpAJ9pQ2L4sDKqQI3Iq1SsgfcP/fUc9ACfW5uZ
8AGCkQjFyk5Z4BGRdhiUWSQ=
=aZ+D
-----END PGP SIGNATURE-----