On Sat, Nov 22, 2014 at 11:42:41AM +0100, Wouter Verhelst wrote:
> [...]
> Before we enable a firewall by default, we should, IMO, have the
> following:
>
> - A way for a user to configure it without understanding iptables.
> - A way for a user to debug (without understanding iptables) if things
>   don't work.
> - A way for a package maintainer to assert that this particular package
>   needs a hole in the firewall to be useful, and that this hole needs to
>   be available to a particular group of remote machines. E.g., cups
>   would not expect connections from the other end of the world, while
>   webservers would.
> [...]

I think ufw was built to accomplish all of the above goals. I'm not sure how well it works though -- I prefer to disable ufw and just do my own thing with iptables.

-- 
Kind regards,
Loong Jin