
[RFR2] templates://ufw/{templates}



On Thu, May 21, 2009 at 11:14:41AM +0100, Justin B Rye wrote:
> Agreed.  ("Found X" is active, with the subject omitted; "X found"
> makes it passive, and can do that vagueness more naturally.)

What he said ;)

> >  Template: ufw/enable
> [...] 
> > + If you answer yes, the rules you set in this installer will take immediate
> > + effect, and will be enabled during startup so that this host is protected
> > + as early as possible. If you answer no, you must start ufw manually.
> 
> (Are we okay with implying that the answers are "yes" and "no" or is
> that making some sort of invalid assumption?)

Changed to this:

+ If enabled, the rules you are about to set will take immediate
+ effect, and will be enabled during startup so that this host is protected
+ as early as possible. Alternatively, you may start ufw manually but this host
+ will not be protected until you do so.

It's a little more long-winded but avoids any mention of yes and no.
Justin: is the comma after 'Alternatively' in the right place or should it
move to after 'manually'?

> >  Template: ufw/allow_known_ports
> >  Type: multiselect
> >  _Choices: Cups, DNS, Imap (Secure), Pop3 (Secure), SSH, Samba, Smtp, WWW, WWW (Secure)
> 
> (Some inconsistent capitalisation there...)

I'd like to make these all lower-case, but I think from a quick look it
will affect the postinst. Maintainer, would you consider making this
change?

> >  _Description: Allow the following services:
> > - Selecting an item from this list allows all traffic to the specified service.
> > + The appropriate ports will be opened for each service you select in this list.
> > + .
> > + If you want to allow a service that is not in this list, you may do so later
> > + in this installer.
> > 
> > Make it clearer exactly what's going to happen. Reassure the user that
> > this isn't an absolute list; s/he can add other things in a minute.
> 
> s/later in this installer/later in this installation process/?
> 
> Talking about the installer might be confusing if it's a routine
> version-upgrade; I'm not sure if my version's any better.
> Alternatively we could turn it into something like "Allowing extra
> services that are not on this list will be handled by a subsequent
> question"?

New suggestion:
+ If you want to allow a service that is not in this list, you will have an
+ opportunity to specify it shortly.

> >  Template: ufw/allow_custom_ports
> >  Type: string
> > -_Description: Allow additional ports:
> > +_Description: Allow these additional ports:
> > 
> > Reads like a boolean - make it definitely not.
> 
> "Additional ports to be allowed:"?

I've made it 'Additional services' to be consistent with the previous
question.

> > Give the example its own paragraph for clarity. One can't 'have open',
> > it's a verb (though I'm not a linguist :)
> 
> Sorry, I don't get it - you can have a window open, can't you?  But
> yes, the "have" is redundant, now you mention it.

Ok, not well explained. Sorry.

> Hang on - "http" isn't in /etc/services (port 80 is "www").  Will
> ufw in fact accept it? 

Good catch. I think, skimming the postinst again, that it needs to be
www. But it should be that regardless, so changed a bit to:

+ Example: to allow a web server, port 53
+ and tcp port 22, enter 'www 53 22/tcp'.
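
Review bot: the example 'www 53 22/tcp' puts a bare '53' next to an explicit '22/tcp', but nothing in the template says which protocols a port number without a protocol opens. Since this answer becomes firewall rules, the sentence listing the three accepted forms should say what a port number on its own means for TCP and UDP.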

> Yes, Packet Filter rather than PostFix or PageFault or Pink Floyd!
> There's a reference somewhere on their homepage.  I was thinking it
> might read better as "with syntax similar to OpenBSD's Packet
> Filter".  

Agreed.

> Which reminds me - should that Architecture: line now say
> all-except-the-kfreebsds?

As to that, I've no idea.

Christian: attaching the full template and control file as you requested
(I suspected it might have happened).



-- 
Jonathan Wiltshire

PGP/GPG: 0xDB800B52 / 4216 F01F DCA9 21AC F3D3  A903 CA6B EA3E DB80 0B52

Source: ufw
Section: admin
XS-Python-Version: >= 2.5
Priority: optional
Maintainer: Jamie Strandboge <jamie@ubuntu.com>
Build-Depends-Indep: python-central (>= 0.5.6), sed (>= 3.95), netbase, iptables
Build-Depends: debhelper (>= 5.0.38), po-debconf
Standards-Version: 3.8.1
Homepage: https://launchpad.net/ufw
Vcs-Bzr: https://bazaar.launchpad.net/~jdstrand/ufw/trunk

Package: ufw
Architecture: all
Depends: debconf, ${python:Depends}, ${misc:Depends}, iptables (>= 1.4.0), ucf
XB-Python-Version: ${python:Versions}
Description: program for managing a netfilter firewall
 The Uncomplicated FireWall is a front-end for iptables, to make managing a
 Netfilter firewall easier. It provides a command line interface with syntax
 similar to OpenBSD's Packet Filter. It is particularly well-suited as a
 host-based firewall.

Template: ufw/existing_configuration
Type: error
_Description: Existing configuration found
 You must adjust your existing rules by hand. See the 'man ufw' command
 for details.

Template: ufw/enable
Type: boolean
Default: false
_Description: Start ufw automatically?
 If enabled, the rules you are about to set will take immediate
 effect, and will be enabled during startup so that this host is protected
 as early as possible. Alternatively, you may start ufw manually but this host
 will not be protected until you do so.

Template: ufw/allow_known_ports
Type: multiselect
_Choices: Cups, DNS, Imap (Secure), Pop3 (Secure), SSH, Samba, Smtp, WWW, WWW (Secure)
_Description: Allow the following services:
 The appropriate ports will be opened for each service you select in this list.
 .
 If you want to allow a service that is not in this list, you will have an
 opportunity to specify it shortly.

Template: ufw/allow_custom_ports
Type: string
_Description: Additional services to be allowed:
 Please enter a space separated list of any additional ports you would like to
 open. You may use a service name (as found in /etc/services), a
 port number, or a port number with protocol.
 .
 Example: to allow a web server, port 53
 and tcp port 22, enter 'www 53 22/tcp'.
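
The three input forms listed in the ufw/allow_custom_ports template above (service name, port number, port number with protocol), checked token by token. This is an added Python example, not part of the original message or of ufw's postinst; load_services and classify are hypothetical names, and the services table is a constructed sample in which port 80 is listed as "www" only, as the thread describes.

```python
import re

# Constructed excerpt in /etc/services format (not copied from a real system).
SAMPLE_SERVICES = """\
# name   port/proto  aliases
ssh      22/tcp
domain   53/tcp
domain   53/udp
www      80/tcp
ipp      631/tcp
"""

def load_services(text):
    """Return {name: set of (port, proto)} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        port, _, proto = fields[1].partition("/")
        if not port.isdigit() or proto not in ("tcp", "udp"):
            continue
        # First field is the official name; further fields are aliases.
        for name in [fields[0]] + fields[2:]:
            table.setdefault(name, set()).add((int(port), proto))
    return table

# A port number, optionally followed by /tcp or /udp.
TOKEN = re.compile(r"(\d{1,5})(?:/(tcp|udp))?")

def classify(answer, services):
    """Split a space-separated answer into (accepted, rejected) tokens."""
    accepted, rejected = [], []
    for tok in answer.split():
        m = TOKEN.fullmatch(tok)
        if m and 1 <= int(m.group(1)) <= 65535:
            accepted.append((tok, "port/proto" if m.group(2) else "port"))
        elif tok in services:
            accepted.append((tok, "service"))
        else:
            rejected.append(tok)   # unknown name, bad port, bad protocol
    return accepted, rejected

if __name__ == "__main__":
    table = load_services(SAMPLE_SERVICES)
    print(classify("www 53 22/tcp", table))
    print(classify("http 0 70000 22/icmp", table))
```
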
--- /home/jona/debian/rewrite/ufw/ufw.old/debian/templates	2009-05-19 17:57:28.000000000 +0100
+++ /home/jona/debian/rewrite/ufw/ufw/debian/templates	2009-05-21 18:43:30.000000000 +0100
@@ -1,28 +1,33 @@
 Template: ufw/existing_configuration
 Type: error
-_Description: Found existing configuration
- An existing configuration was found. Please use the ufw command to manage your
- firewall rules. See 'man ufw' for details.
+_Description: Existing configuration found
+ You must adjust your existing rules by hand. See the 'man ufw' command
+ for details.
 
 Template: ufw/enable
 Type: boolean
 Default: false
-_Description: Enable ufw
- If you enable ufw now, it will block incoming connections and will be started
- the next time you reboot. If it is disabled, ufw will not be started on boot.
- To start or stop ufw without rebooting, please use '/etc/init.d/ufw start' or
- '/etc/init.d/ufw stop'.
+_Description: Start ufw automatically?
+ If enabled, the rules you are about to set will take immediate
+ effect, and will be enabled during startup so that this host is protected
+ as early as possible. Alternatively, you may start ufw manually but this host
+ will not be protected until you do so.
 
 Template: ufw/allow_known_ports
 Type: multiselect
 _Choices: Cups, DNS, Imap (Secure), Pop3 (Secure), SSH, Samba, Smtp, WWW, WWW (Secure)
 _Description: Allow the following services:
- Selecting an item from this list allows all traffic to the specified service.
+ The appropriate ports will be opened for each service you select in this list.
+ .
+ If you want to allow a service that is not in this list, you will have an
+ opportunity to specify it shortly.
 
 Template: ufw/allow_custom_ports
 Type: string
-_Description: Allow additional ports:
+_Description: Additional services to be allowed:
  Please enter a space separated list of any additional ports you would like to
- have open. These may either be a service name as found in /etc/services, a
- port number, or a port number/protocol combination. Eg, to allow http, port 53
- and tcp port 22, use 'http 53 22/tcp'.
+ open. You may use a service name (as found in /etc/services), a
+ port number, or a port number with protocol.
+ .
+ Example: to allow a web server, port 53
+ and tcp port 22, enter 'www 53 22/tcp'.
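Review bot: in ufw/enable, the replacement text drops both the statement that ufw will block incoming connections and the '/etc/init.d/ufw start' and '/etc/init.d/ufw stop' commands, so a user who declines is told to "start ufw manually" with no hint of how. Consider keeping the command, or a pointer to 'man ufw' as ufw/existing_configuration has, and saying as the old text did that incoming connections will be blocked; with "immediate effect" that matters to anyone installing over a remote session. In ufw/allow_custom_ports the title now says "services" while the unchanged body still asks for "additional ports", and "space separated" wants a hyphen.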
--- /home/jona/debian/rewrite/ufw/ufw.old/debian/control	2009-05-19 17:57:28.000000000 +0100
+++ /home/jona/debian/rewrite/ufw/ufw/debian/control	2009-05-21 18:44:49.000000000 +0100
@@ -14,6 +14,7 @@
 Depends: debconf, ${python:Depends}, ${misc:Depends}, iptables (>= 1.4.0), ucf
 XB-Python-Version: ${python:Versions}
 Description: program for managing a netfilter firewall
- Ufw is a tool to manage a netfilter firewall. It provides a command line
- interface with PF-style syntax and aims to be uncomplicated and easy to use.
- It is particularly well-suited for use as a host-based firewall.
+ The Uncomplicated FireWall is a front-end for iptables, to make managing a
+ Netfilter firewall easier. It provides a command line interface with syntax
+ similar to OpenBSD's Packet Filter. It is particularly well-suited as a
+ host-based firewall.
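Review bot: the new long description writes "Netfilter" with a capital while the unchanged short description on the context line above keeps "netfilter"; pick one spelling for both. The same paragraph expands the name as "Uncomplicated FireWall" with a mid-word capital, which is worth checking against the project's own spelling.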
