Re: Better security? Haha
On Sat, 21 May 2011 08:26:50 +1000 Rod Whitworth wrote:
> And I think that we'd all laugh at unprivileged apps messing with the rules.

Yeah it should be a completely separate layer if anything. It can already be done to some degree with systrace on OpenBSD and so I'd guess strace on Linux.
Re: Better security? Haha
On Sat, May 21, 2011 at 08:26:50AM +1000, Rod Whitworth wrote:
> Better than iptables?
> http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts-Linux-Security.htm
> maybe...
> But apps opening pinholes? That's just asking for trouble!
> Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm).

It's actually quite easy to make on the fly changes with iptables. The author may have misquoted.

John

> And I think that we'd all laugh at unprivileged apps messing with the rules.
> I just thought I'd share my amusement at this announcement.
>
> *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.
>
> Rod/
> ---
> This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Better security? Haha
On Sat, May 21, 2011 at 08:26:50AM +1000, Rod Whitworth wrote:
> Better than iptables?
> http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts-Linux-Security.htm
> maybe...

Imagine the dynamic firewall technology in the cloud!
Re: Better security? Haha
On Fri, 20 May 2011 17:49:22 -0500, John Jackson wrote:
> On Sat, May 21, 2011 at 08:26:50AM +1000, Rod Whitworth wrote:
> > Better than iptables?
> > http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts-Linux-Security.htm
> > maybe...
> > But apps opening pinholes? That's just asking for trouble!
> > Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm).
>
> It's actually quite easy to make on the fly changes with iptables. The author may have misquoted.

Hardly. It is the entire rationale for having the new firewall.

Rod/
Re: Better security? Haha
> Better than iptables?
> http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts-Linux-Security.htm
> maybe...
> But apps opening pinholes? That's just asking for trouble!

sarcasm You fuddy duddy guys don't know anything. Did you check wikipedia, the authoritative source of everything? http://en.wikipedia.org/wiki/Firewall_pinhole Static firewalls are a thing of the past, the pace of Linux kernel development is so hectic, that pretty soon only dynamically loaded firewalls will exist. /sarcasm

Awww... I hope it's not serious as some tech journos have a horrible time understanding simple things.

In India during childhood, we were told of a story of a guy called Shekhchilli. A poor fool who was a woodcutter by profession. One day he climbed a tall tree with thick branches and started cutting a branch using his axe on it, while he was sitting on the same branch! Passersby warned him but he wouldn't listen, he wanted that branch so bad. Fedora would be doing a shekhchilli to itself if true.
Re: Better security? Haha
Nope. Was changing an iptables rule on the fly on an Ubuntu server at work yesterday. This is nothing new. The new shit is allowing programs to talk to the firewall. This may or may not be a good thing depending on how much control over which program may talk to it and what it can change. I certainly won't make any conclusion till I've used and tested it.
Re: Better security? Haha
On 05/20/2011 05:26 PM, Rod Whitworth wrote:
> Better than iptables?
> http://www.esecurityplanet.com/news/article.php/3934151/Fedora-15-Boosts-Linux-Security.htm
> maybe...
> But apps opening pinholes?
> Oh dear. Those of us running pf for years know that being able to do rule changes on the fly is a Good Thing(tm).
> And I think that we'd all laugh at unprivileged apps messing with the rules.
> I just thought I'd share my amusement at this announcement.

Wonder if it's related to this, in recent Linux kernel release 2.6.39:
http://www.h-online.com/open/features/Kernel-Log-Coming-in-2-6-39-Part-1-Network-drivers-and-infrastructure-1227053.html

Basically, iptables (which didn't really have user-visible tables at all, from what I can tell) finally gets something akin to pf's tables. But damn, using _dbus_ to update them?

Not knocking Linux; I use it, too (hell, iz in ur TV). But not for firewalls.