Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-03 Thread Tom H
On Sat, Mar 3, 2018 at 7:55 PM, Walter Dnes wrote:
> On Wed, Feb 28, 2018 at 04:40:37PM -0700, Grant Taylor wrote
>> On 02/28/2018 02:15 PM, Walter Dnes wrote:
>>>
>>> Is there something besides iptables?
>>
>> nftables
>
> Assuming I just want filtering, could I emerge

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-03 Thread Grant Taylor
On 03/03/2018 05:55 PM, Walter Dnes wrote:
> Assuming I just want filtering, could I emerge nftables and unmerge iptables and have a functional firewall?

Simplistically, yes. It's my understanding that iptables and nftables are two completely different firewalling technologies. So you will

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-03 Thread Tom H
On Thu, Mar 1, 2018 at 8:48 PM, Walter Dnes wrote:
> On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
>> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>>>
>>> Is there something besides iptables? It seems to be like
>>>

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-03 Thread Walter Dnes
On Wed, Feb 28, 2018 at 04:40:37PM -0700, Grant Taylor wrote
> On 02/28/2018 02:15 PM, Walter Dnes wrote:
> > Is there something besides iptables?
>
> nftables

Assuming I just want filtering, could I emerge nftables and unmerge iptables and have a functional firewall?

-- 
Walter Dnes

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-02 Thread Rich Freeman
On Fri, Mar 2, 2018 at 6:34 PM, Grant Taylor wrote:
> On 03/02/2018 05:08 AM, Rich Freeman wrote:
>>
>> On the other hand, if netfilter were implemented in userspace such as via
>> a microkernel, then if it contained a bug the remote attacker would be able
>> to

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-02 Thread Grant Taylor
On 03/02/2018 05:08 AM, Rich Freeman wrote:
> On the other hand, if netfilter were implemented in userspace such as via a microkernel, then if it contained a bug the remote attacker would be able to MITM all network traffic on the machine, but that would be the extent of the access they have.

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-02 Thread Rich Freeman
On Fri, Mar 2, 2018 at 6:42 AM, Heiko Baums wrote:
> On Thu, 1 Mar 2018 21:45:46 -0500
> Rich Freeman wrote:
>
>> If they did move netfilter to userspace, then it would
>
> most likely be more insecure because a userspace process can be easier
>

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-02 Thread Heiko Baums
On Thu, 1 Mar 2018 21:45:46 -0500, Rich Freeman wrote:
> If they did move netfilter to userspace, then it would

most likely be more insecure because a userspace process can be easier bypassed, killed, hacked or whatever. That's a lot harder with the kernel if not impossible.

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-01 Thread Rich Freeman
On Thu, Mar 1, 2018 at 8:48 PM, Walter Dnes wrote:
> On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
>> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>> >
>> > Is there something besides iptables? It seems to be like
>> >

[gentoo-user] [OT] Best *SIMPLE* firewall?

2018-03-01 Thread Walter Dnes
On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
> >
> > Is there something besides iptables? It seems to be like
> > systemd/perl/python, continuously expanding its scope. And no, I'm not
> > looking for an

Re: [gentoo-user] [OT] Best *SIMPLE* firewall?

2018-02-28 Thread Grant Taylor
On 02/28/2018 02:15 PM, Walter Dnes wrote:
> Is there something besides iptables?

nftables

I think BPF may come into context here, but I've mostly ignored it, so I'm not sure.

> It seems to be like systemd/perl/python, continuously expanding its scope.

What do you mean? I've seen newer