← Back to team overview

ubuntu-phone team mailing list archive

Re: Firewall: feature request for settings and volunteering to write a Firewall app

 

Hi,

On 06.07.2015 09:36, Timo Jyrinki wrote:
> Moro JP,
> 
> On Mon, Jul 6, 2015 at 9:51 AM, Juhapekka Piiroinen
> <juhapekka.piiroinen@xxxxxxxxx> wrote:
>> Topic 1/2: Feature request for settings
>> I was wondering if someone could add a switch for the ufw
>> enable/disable to the settings? As now the default iptables rules are
>> to allow all traffic. And only way to enable the firewall is to 'sudo
>> ufw enable' from terminal.
>>
>> Topic 2/2: Volunteering to write a Firewall App
>> - I was also thinking that I could volunteer to implement a firewall
>> UI for the ufw, but for that I would need some help on how to setuid
>> to root from c++/qml app?
> 
> This might be in the geeky / needs special rights territory to that
> extent that it might need to go to the TweakGeek app, or Open App
> Store in general? Michael, could tweakgeek be made into a normal LP
> project (now at https://code.launchpad.net/~mzanetti/+junk/tweakgeek)
> to accept MP:s?

Done. There's lp:tweakgeek now.

I was already considering adding some simple means for starting/stopping
ufw from there. Speaking of a fully fledged firewall thing, I would say
that deserves its own app.

> 
> That way the feature would be not exposed to ordinary users that might
> not understand consequences.
> 
> The way to include something like it in Ubuntu by default would be to
> design some new security feature that includes that and probably other
> security features in something that would make sense for the design
> team to design. There'd need to be a normal user use case, the ability
> to explain the feature to users, etc, all of which seem to me a lot
> bigger topics than just "enable firewall yes/no".
> 
> Alternatively, ubuntu-system-settings could include proper external
> plugin support, I'm not sure if something like that is in plans? Or
> maybe it's already doable, but again it'd need to go through
> non-official store since normal click packages wouldn't be allowed to
> add those plugins to u-s-s?
> 
> -Timo
> 

Attachment: signature.asc
Description: OpenPGP digital signature


References