On Sat, Mar 3, 2018 at 7:55 PM, Walter Dnes wrote:
> On Wed, Feb 28, 2018 at 04:40:37PM -0700, Grant Taylor wrote
>> On 02/28/2018 02:15 PM, Walter Dnes wrote:
>>>
>>> Is there something besides iptables?
>>
>> nftables
>
> Assuming I just want filtering, could I emerge
On 03/03/2018 05:55 PM, Walter Dnes wrote:
Assuming I just want filtering, could I emerge nftables and unmerge
iptables and have a functional firewall?
Simplistically, yes.
It's my understanding that iptables and nftables are two completely
different firewalling technologies. So you will
On Thu, Mar 1, 2018 at 8:48 PM, Walter Dnes wrote:
> On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
>> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>>>
>>> Is there something besides iptables? It seems to be like
>>>
On Wed, Feb 28, 2018 at 04:40:37PM -0700, Grant Taylor wrote
> On 02/28/2018 02:15 PM, Walter Dnes wrote:
> > Is there something besides iptables?
>
> nftables
Assuming I just want filtering, could I emerge nftables and unmerge
iptables and have a functional firewall?
--
Walter Dnes
On Fri, Mar 2, 2018 at 6:34 PM, Grant Taylor
wrote:
> On 03/02/2018 05:08 AM, Rich Freeman wrote:
>>
>> On the other hand, if netfilter were implemented in userspace such as via
>> a microkernel, then if it contained a bug the remote attacker would be able
>> to
On 03/02/2018 05:08 AM, Rich Freeman wrote:
On the other hand, if netfilter were implemented in userspace such as
via a microkernel, then if it contained a bug the remote attacker would
be able to MITM all network traffic on the machine, but that would
be the extent of the access they have.
On Fri, Mar 2, 2018 at 6:42 AM, Heiko Baums wrote:
> On Thu, 1 Mar 2018 21:45:46 -0500,
> Rich Freeman wrote:
>
>> If they did move netfilter to userspace, then it would
>
> most likely be more insecure because a userspace process can be more easily
>
On Thu, 1 Mar 2018 21:45:46 -0500,
Rich Freeman wrote:
> If they did move netfilter to userspace, then it would
most likely be more insecure because a userspace process can be more easily
bypassed, killed, hacked or whatever. That's a lot harder with the
kernel if not impossible.
On Thu, Mar 1, 2018 at 8:48 PM, Walter Dnes wrote:
> On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
>> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>> >
>> > Is there something besides iptables? It seems to be like
>> >
On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
> >
> > Is there something besides iptables? It seems to be like
> > systemd/perl/python, continuously expanding its scope. And no, I'm not
> > looking for an
On 02/28/2018 02:15 PM, Walter Dnes wrote:
Is there something besides iptables?
nftables
I think BPF may come into context here, but I've mostly ignored it, so
I'm not sure.
It seems to be like systemd/perl/python, continuously expanding its scope.
What do you mean?
I've seen newer