On Fri, 05 Sep 2008, Jamie Strandboge wrote:
> This is (of course) correct. If the user decides to create a rule using
> the profile, then on removal or purge the rule is not removed.
> Application rules are no different than regular rules in this regard.
> Eg, these are equivalent:
>
> # ufw all
On Thu, 04 Sep 2008, Luke L wrote:
>Should package integration be disabled by default?
There is confusion as to what 'package integration' actually does. When
I sent the email, this is what it meant:
a) a package can declare itself to ufw via profiles that have various
port/protocol combi
On Thu, 04 Sep 2008, James Dinkel wrote:
>I would say leave the ports open and leave the profile files. Leave it up
>to the user to manage the firewall. If the package is removed, it's not
>going to be listening on those ports any more anyway.
>
This is almost what happens. The pro
On Wed, 03 Sep 2008, Steve Langasek wrote:
> On Tue, Aug 19, 2008 at 05:05:44PM -0400, Jamie Strandboge wrote:
> > With the upload of ufw 0.20 to Intrepid yesterday, ufw now supports
> > application (package) integration. This allows packages to declare their
> > ports and protocols to ufw, so use
Soren Hansen wrote:
> On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:
>> Not listening is sufficient - that is the point
>> Having a firewall that is automatically updated as packages are installed is
>> dangerous. This is similar to UPnP and not the right way to do security
>>
>> By
(Sorry of top post as gmail seems to be used to it...)
On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:
> > Not listening is sufficient - that is the point
> > Having a firewall that is automatically updated as packages are installed
> is
> > dangerous. This is similar to UPnP and no
On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:
> Not listening is sufficient - that is the point
> Having a firewall that is automatically updated as packages are installed is
> dangerous. This is similar to UPnP and not the right way to do security
>
> By having all packages autom
On Thursday 04 September 2008 18:55:41 Luke L wrote:
I second that. I'm also a new guy here but consider these two small examples:
- When you install a DNS server (e.g. bind), it listens on UDP 53 for normal
DNS requests and TCP 53 for zone transfer requests. The package could not
possibly know
lf Of Soren Hansen
Sent: Friday, 5 September 2008 1:39 AM
To: ubuntu-server@lists.ubuntu.com; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: ufw package integration
On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> I would say leave the ports open and leave the profile files. Le
Should package integration be disabled by default? I know a lot of Linux
people who are a little unsettled by how much Ubuntu attempts to automate
things, without users' control or knowledge. Not all those arguments hold
water, but if a firewall were opening and closing ports on a system without
th
On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> > I would say leave the ports open and leave the profile files. Leave
> > it up to the user to manage the firewall. If the package is removed,
> > it's not g
On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> I would say leave the ports open and leave the profile files. Leave
> it up to the user to manage the firewall. If the package is removed,
> it's not going to be listening on those ports any more anyway.
If "not listening" was suffi
On Thu, Sep 4, 2008 at 11:58 AM, James Dinkel <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 4, 2008 at 5:11 AM, Didier Roche <[EMAIL PROTECTED]> wrote:
>
>>
>> 2008/9/4 Nicolas Valcárcel <[EMAIL PROTECTED]>
>>
>>> On Wed, 2008-09-03 at 17:33 -0700, Steve Langasek wrote:
>>> > How does this design preve
On Thu, Sep 4, 2008 at 5:11 AM, Didier Roche <[EMAIL PROTECTED]> wrote:
>
> 2008/9/4 Nicolas Valcárcel <[EMAIL PROTECTED]>
>
>> On Wed, 2008-09-03 at 17:33 -0700, Steve Langasek wrote:
>> > How does this design prevent
>> > leaving ports open when the package that they legitimately correspond
>> >
2008/9/4 Nicolas Valcárcel <[EMAIL PROTECTED]>
> On Wed, 2008-09-03 at 17:33 -0700, Steve Langasek wrote:
> > How does this design prevent
> > leaving ports open when the package that they legitimately correspond
> > to is
> > no longer installed?
>
> I think we can (if it's not already preventing
On Wed, 2008-09-03 at 17:33 -0700, Steve Langasek wrote:
> How does this design prevent
> leaving ports open when the package that they legitimately correspond
> to is
> no longer installed?
I think we can (if it's not already preventing it) add a command
on .postrm that disables it on ufw. At the
On Tue, Aug 19, 2008 at 05:05:44PM -0400, Jamie Strandboge wrote:
> With the upload of ufw 0.20 to Intrepid yesterday, ufw now supports
> application (package) integration. This allows packages to declare their
> ports and protocols to ufw, so user's can specify an application profile
> when adding
On Tue, Aug 19, 2008 at 4:05 PM, Jamie Strandboge <[EMAIL PROTECTED]>wrote:
> With the upload of ufw 0.20 to Intrepid yesterday, ufw now supports
> application (package) integration. This allows packages to declare their
>
>
> Jamie
>
>
This sounds like a good idea. I can tell you it took me a
With the upload of ufw 0.20 to Intrepid yesterday, ufw now supports
application (package) integration. This allows packages to declare their
ports and protocols to ufw, so user's can specify an application profile
when adding and removing rules. Application profiles can be thought of
as simply port
19 matches
Mail list logo