Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 21986 ideas, 135057 comments, 2615221 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #2116: Add firewall GUI by default and configure firewall in strict mode

bug This idea is a duplicate of Idea #22: GUI for ufw (Uncomplicated Firewall).
Written by develvic the 1 Mar 08 at 10:55. Category: Installation. Related project: Nothing/Others. Status: New
Rationale
Add firewall GUI by default and configure firewall in strict mode (all ports closed). Will be great to have also AppArmor configured for maximum security by default (for installed by default applications)
Tags: (none)

29
votes
closed
Solution #1: Auto-generated solution of idea #2116
Written by develvic the 1 Mar 08 at 10:55.
Ubuntu Brainstorm was updated in January 2009. Since the idea #2116 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

Propose your solution

Attachments
No attachments.


Duplicates


Comments
jonathan324 wrote on the 1 Mar 08 at 11:05
Try to make Ubuntu really secure. A default firewall will improve Ubuntu.

zartox wrote on the 1 Mar 08 at 11:12
Fwbuilder included whith basic rules could be great

narnian wrote on the 1 Mar 08 at 12:57
Ummm, by default Ubuntu has no services listening on any ports. What extra value does the firewall provide? If you choose to install a service (say share a printer) then aren't you already explicitly turning on a service that is listening. In your case you would also want to explicitly open the firewall. This just creates two actions to do the same thing.

No, this would just make you FEEL safer, and not actually make you safer - hence this is just security theater.

develvic wrote on the 1 Mar 08 at 14:09
I see more times how unexperienced users installs a service and forget for it...
What extra value? For example, after new service installation allow user to choose on which interface open service port, may be make sens to provide logical separation as internal/external/DMZ

andrewfenn wrote on the 1 Mar 08 at 14:37
Pointless, if you install a service, you expect to use it. If you're finished using it, then turn it off in the services dialog.

Your suggestion just creates headaches for the user without making anything more secure as no ports are open on Ubuntu by default.

Ubuntu shouldn't be used as your router and it should always be internal not in the DMZ.

alexandreracine wrote on the 1 Mar 08 at 15:28
Add firestarter to all your Ubuntu installation and you'll be okay.

rawsausage wrote on the 1 Mar 08 at 15:29
#

If I may say, nice work but moot. I've run 100% non-firewalled Windows XP on 10mbit copper connection 24/7 for couple years. Not one single security problem. I have run non-firewalled Linux for years. It's a storm out there but it does not do a thing. Why? There are two very simple reasons.

First of all, firewalls affect the symptoms and not the reasons of security problems. Manage your platform well (updates, sane configuration etc) and you have managed the reasons. Second, if you have a vulnerability in some daemon or like you will be opening most likely a hole for it anyways - making the firewall in most cases useless anyways. On top of that firewalls break easily intented network usage and provide a huge potential common point of failure.

In the end of the day firewalls do NOT belong on simple desktops at all.


Post your comment