On Fri, Sep 05, 2008 at 11:31:27AM +1000, Chris Martin wrote:
> Not listening is sufficient - that is the point
> Having a firewall that is automatically updated as packages are installed is
> dangerous. This is similar to UPnP and not the right way to do security
>
> By having all packages automatically update the firewall - you may as well
> not have a firewall
>
> Just because a HTTP server is installed it doesn't mean that it should be
> accessible. The decision to open the firewall should be a separate action
>
> Often packages get installed that are only intended to be accessed via a
> single interface on machines with multiple interfaces or via local host ONLY
>
> It really defeats the purpose of having a firewall if the ports are opened
> automatically

Unless I'm much mistaken here, all that's being discussed is *closing* ports
when you uninstall the package that "owned" the ports in question.

--
Soren Hansen | Virtualisation specialist | Ubuntu Server Team
Canonical Ltd. | http://www.ubuntu.com/

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam