Package integration for ufw was discussed at UDS Prague, and you can
read about ufw's application integration at
https://wiki.ubuntu.com/UbuntuFirewall. The basic idea is this:

1. a package declares profiles to ufw by putting them in a file in
/etc/ufw/applications.d (*). There should only be a limited number of common
profiles from which the user can choose. E.g., a webserver might open port 80,
port 443 or both.
2. the postinst of this package runs 'ufw app update --add-new <profile>',
where <profile> is a profile which declares the ports that the application is
listening on after installation (perhaps this is decided via debconf logic,
perhaps not).

'ufw app update --add-new <profile>' will *not* open up any ports in the
firewall unless the administrator has changed the default application
policy.  The above command does nothing if ufw is disabled.  An
administrator need not use application profiles at all, so if he/she
wants to use port 2525 for postfix, then he/she can add a rule like 'ufw
allow 2525/tcp' just like always. Please see
https://wiki.ubuntu.com/UbuntuFirewall and 'man ufw' for details.

(*) I am actually going to change this to /etc/firewall.d for easier
inclusion into Debian

-- 
Please add UFW profile integration with postfix
https://bugs.launchpad.net/bugs/261698
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
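
The two steps described in the message above, as an added example that is not code from the bug report or from ufw: a shell function that lists the ports each profile in an applications.d-style file declares, so they can be reviewed before the postinst registers the profile. The sample profile contents and the function names list_profile_ports and register_profile are constructed for this example.

```shell
#!/bin/sh
# Added example; the profile contents and function names are constructed.

# list_profile_ports FILE
# Prints "profile<TAB>ports" for each [section] of an INI-style ufw
# application profile file. Returns 1 if a section has no ports= line.
list_profile_ports() {
    awk '
        function emit() {
            if (name == "") return
            if (ports == "") { printf "%s\tMISSING\n", name; bad = 1 }
            else printf "%s\t%s\n", name, ports
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
        /^\[.*\][ \t]*$/ {                      # section header: [Name]
            emit()
            name = $0; sub(/^\[/, "", name); sub(/\][ \t]*$/, "", name)
            ports = ""
            next
        }
        /^ports[ \t]*=/ { ports = $0; sub(/^ports[ \t]*=[ \t]*/, "", ports) }
        END { emit(); exit bad + 0 }
    ' "$1"
}

# register_profile NAME
# Step 2 from the message, as it could appear in a postinst. Skipping the
# call when ufw is not installed is an assumption of this example.
register_profile() {
    if command -v ufw >/dev/null 2>&1; then
        ufw app update --add-new "$1"
    fi
}

# Constructed sample of a file a package would install (step 1).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[Postfix]
title=Mail server (SMTP)
description=Constructed sample profile
ports=25/tcp

[Postfix Submission]
title=Mail server (Submission)
description=Constructed sample profile
ports=587/tcp
EOF

list_profile_ports "$sample"
```

A non-zero return from list_profile_ports marks a section without a ports= line, which is worth catching before the package ships.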
