ipv6 firewall?

[Derek Broughton]

Rashkae wrote:

> Derek Broughton wrote:
> 
>> 
>> It's the default in Ubuntu, too.  You don't need a firewall if you don't
>> open ports to the Internet.  If you open ports to the Internet, you
>> should know what you're doing.
> 
> I don't really agree with that.  It's very easy for someone to
> unwittingly open a port who has no business doing so.  Here's a good
> example I observed recently on Jaunty.

Sorry, I really meant that that's the theory behind the default.  

However:
> Suppose someone is having strange system behaviour, and as part of the
> diagnosis, wants to check the hard drive S.M.A.R.T.  This is something I
> think should be available by default on any Linux distro, but in Ubuntu
> you have to install smartmontools, which in Jaunty, also installs
> Postfix.  I don't know if the MTA is actually 'required' or 'suggested',
> but in Jaunty, it doesn't matter.  If the user is not entirely aware of
> what is happening and just keeps accepting defaults, user ends up with
> port 25 wide open, when all he/she wanted to do was verify hard drive
> diagnosis.

What part of "wide open" do you get when you install postfix?  You _must_ 
tell it which interfaces you want it to listen on, and how to send mail.  At 
some point in there, you should be starting to worry...
-- 
derek