Should package integration be disabled by default? I know a lot of Linux people who are a little unsettled by how much Ubuntu attempts to automate things, without users' control or knowledge. Not all those arguments hold water, but if a firewall were opening and closing ports on a system without the admin's express, explicit consent, it could quickly drive away the users this could benefit.
As the disclaimer goes with EVERY post I make to the MLs here: I am not an expert, and I am not an active developer here. I am asking that it be considered, if it hasn't already, that package integration be an optional, if not disabled-by-default, feature. Let the admin know (with confirmation) that package integration is on, and that the OS will attempt to "inetlligently" (emphasis on quotes) adjust firewall settings based on installed programs. It could be argued that if someone wants full control over their firewall they could just use iptables, but meh. On Thu, Sep 4, 2008 at 10:58 AM, James Dinkel <[EMAIL PROTECTED]> wrote: > On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <[EMAIL PROTECTED]> wrote: > >> On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote: >> > I would say leave the ports open and leave the profile files. Leave >> > it up to the user to manage the firewall. If the package is removed, >> > it's not going to be listening on those ports any more anyway. >> >> If "not listening" was sufficient, there'd be little point in having a >> firewall in the first place, wouldn't there? >> >> -- >> Soren Hansen > > > Well, 'not listening' _should_ be sufficient, however I prefer (and > suggest) to use a firewall as an extra layer of protection. I must have > been mistaken, I did not realize we were debating the merits of a firewall, > only whether or not packages should automatically change firewall rules. Of > course, if I trusted packages to manage opening and closing their own > firewall rules, then I might as well trust them to listen or not on those > ports, so in that case then yes there would be little point in having a > firewall in the first place. > > James > > On Thu, Sep 4, 2008 at 10:02 AM, Cody A.W. Somerville < > [EMAIL PROTECTED]> wrote: > >> >> Why don't we just leave all ports open then? :P >> >> -- >> Cody A.W. Somerville <[EMAIL PROTECTED]> >> > > > Well, for a long time that was the standard setup for Ubuntu. As I > mentioned above though, I would suggest using a firewall with all ports > blocked by default as an additional layer of protection. > > -- > ubuntu-server mailing list > ubuntu-server@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > More info: https://wiki.ubuntu.com/ServerTeam > -- Luke L.
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
