Linked by Howard Fosdick on Mon 30th May 2011 22:04 UTC
Ubuntu, Kubuntu, Xubuntu Canonical Ltd., the company behind Ubuntu Linux, estimates that the product has over 12 million users worldwide. And why not? Ubuntu is free and it runs more than ten thousand applications. It has a vibrant user community, websites covering everything you might ever need to know, good tutorials, a paid support option, and more. Yet I often hear friends and co-workers casually criticize Ubuntu. Perhaps this the price of success. Or is it? In this article I'll analyze common criticisms and try to sort fact from fiction.
Thread beginning with comment 475234
To read all comments associated with this story, please click here.
Ubuntu doesn't NEED a firewall
by mintar on Tue 31st May 2011 09:53 UTC
mintar
Member since:
2008-09-26

Why would you need a firewall? By default, Ubuntu ships with no open ports on public interfaces. That means that in its default configuration, a port scan on an Ubuntu machine would show exactly the same result with or without a firewall. That's a big difference to Windows, where (at least until XP) the system shipped in a vulnerable state, so it became almost a reflex to install a firewall immediately after a fresh install.

Now, whenever you install a new server program, you usually want its public ports to be reachable -- that is the whole point of installing a server program. Having to configure the firewall after installation is just an additional step. If you don't want that program to open a public port (e.g., MySQL or Apache installed locally for testing), you can just disable that in the program's config files. I can't think of a single server program I ever installed (except MySQL and Apache, see above) where I didn't want its ports to be open. In contrast to many Windows programs, Linux programs usually don't go about opening ports when it's not absolutely necessary.

That said, I have to admit that a firewall might be useful for newbies who might accidentally install a server program without knowing that it will open a port.

Reply Score: 2

Lennie Member since:
2007-09-22

I completely agree, exactly my thought. A firewall is hardly needed in Ubuntu.

The only thing which is installed by default and listening on the network is the Avahi-daemon.

Personally I think the Avahi-daemon could be configured a bit more strict but that is about it (I think this is because of compatibility with old Mac OS X versions or something).

A firewall on by default could help with installing daemons. But I think if that was on by default, I an install script for such a daemon would also probably open the port on the firewall during installation.

Or atleast do something along those lines to make it easy to do so.

Edited 2011-05-31 11:54 UTC

Reply Parent Score: 3

Gone fishing Member since:
2006-02-22

Agreed - I've seen users mess up personal firewalls in Windows leaving a box that can't connect to the Net get DHCP etc. As a desktop does Ubuntu need a firewall if the ports are closed? - different on a server but on the desktop an unnecessary complication.

Reply Parent Score: 2