Not listening is sufficient - that is the point.

Having a firewall that is automatically updated as packages are installed is dangerous. This is similar to UPnP and not the right way to do security.

By having all packages automatically update the firewall, you may as well not have a firewall.

Just because an HTTP server is installed, it doesn't mean that it should be accessible. The decision to open the firewall should be a separate action.

Often packages get installed that are only intended to be accessed via a single interface on machines with multiple interfaces, or via localhost ONLY.

It really defeats the purpose of having a firewall if the ports are opened automatically.

---------------------------------
Chris Martin
e: [EMAIL PROTECTED]
m: +61(0)419812371
---------------------------------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Soren Hansen
Sent: Friday, 5 September 2008 1:39 AM
To: ubuntu-server@lists.ubuntu.com; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: ufw package integration

On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote:
> I would say leave the ports open and leave the profile files. Leave
> it up to the user to manage the firewall. If the package is removed,
> it's not going to be listening on those ports any more anyway.

If "not listening" was sufficient, there'd be little point in having a firewall in the first place, wouldn't there?

--
Soren Hansen | Virtualisation specialist | Ubuntu Server Team
Canonical Ltd. | http://www.ubuntu.com/

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam