On Thu, Sep 4, 2008 at 10:39 AM, Soren Hansen <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 04, 2008 at 09:58:40AM -0500, James Dinkel wrote: > > I would say leave the ports open and leave the profile files. Leave > > it up to the user to manage the firewall. If the package is removed, > > it's not going to be listening on those ports any more anyway. > > If "not listening" was sufficient, there'd be little point in having a > firewall in the first place, wouldn't there? > > -- > Soren Hansen Well, 'not listening' _should_ be sufficient, however I prefer (and suggest) to use a firewall as an extra layer of protection. I must have been mistaken, I did not realize we were debating the merits of a firewall, only whether or not packages should automatically change firewall rules. Of course, if I trusted packages to manage opening and closing their own firewall rules, then I might as well trust them to listen or not on those ports, so in that case then yes there would be little point in having a firewall in the first place. James On Thu, Sep 4, 2008 at 10:02 AM, Cody A.W. Somerville < [EMAIL PROTECTED]> wrote: > > Why don't we just leave all ports open then? :P > > -- > Cody A.W. Somerville <[EMAIL PROTECTED]> > Well, for a long time that was the standard setup for Ubuntu. As I mentioned above though, I would suggest using a firewall with all ports blocked by default as an additional layer of protection.
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
