Quote: Originally Posted by Dorotheos
Ok guys, I don't know exactly what your backgrounds are, but an application-based firewall is needed for Linux to gain popularity and maintain its high security. I use AppArmor, SELinux, Snort, and a host of other HIDS services to maintain my host. However, to run online games that access multiple IP addresses or even use services such as Skype, which uses P2P to communicate, an application-based firewall is needed. I definitely don't want to open all the ports needed for those services on my host for anytime use, and I don't want to keep turning everything off to use them. An application-based firewall is needed to continue to maintain our call to the world that Ubuntu is ready to be used as your home OS.
Don't know about gaming, but Skype works just fine with UFW in a default-deny configuration. That is to say, if the connection is initiated by the user on the client side, then the established and related connections will work just fine. It just doesn't allow unsolicited connections to be initiated from external devices. For Skype, all I have to do is start the client and sign in; no need to open any ports or anything like that. I don't deny anything on the egress side since the only things that connect that way are things that I've started in the first place. Denying outbound traffic doesn't really improve security (on the Linux desktop), but can restrict functionality greatly, or worse, can lead users to make granular changes which undermine whatever protection they thought they were setting up in the first place.
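The behaviour described in the reply above, as an added example that is not part of the original post and is not UFW or netfilter code: a simplified Python model of default-deny inbound with connection tracking. It tracks only established flows (not "related" traffic), and the class name, addresses and ports are constructed for illustration.

```python
# Simplified model of a stateful default-deny-inbound / allow-outbound policy.
# Not UFW or netfilter code; addresses and ports below are constructed samples.
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    def __init__(self, local_ip, allowed_inbound_ports=()):
        self.local_ip = local_ip
        self.allowed_inbound = set(allowed_inbound_ports)  # explicit allow rules
        self.flows = set()  # connection-tracking table of locally initiated flows

    def handle(self, pkt):
        """Return (verdict, reason) for one packet."""
        if pkt.src == self.local_ip:
            # Egress: allowed by default; remember the flow so replies match.
            self.flows.add(pkt)
            return ("ACCEPT", "outbound")
        # Ingress: a reply has the original flow's endpoints swapped.
        original = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if original in self.flows:
            return ("ACCEPT", "established")
        if pkt.dport in self.allowed_inbound:
            return ("ACCEPT", "rule")
        return ("DROP", "default-deny")

def demo():
    local, peer, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.99"
    fw = StatefulFilter(local)
    return [
        fw.handle(Packet("udp", stranger, 40000, local, 51000)),  # unsolicited
        fw.handle(Packet("udp", local, 51000, peer, 33033)),      # client initiates
        fw.handle(Packet("udp", peer, 33033, local, 51000)),      # peer replies
        fw.handle(Packet("udp", stranger, 33033, local, 51000)),  # other host, same ports
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The reply from the peer is accepted without any port having been opened, while a different host sending to the same local port is still dropped.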