On Sat, Mar 3, 2018 at 7:55 PM, Walter Dnes wrote:
> On Wed, Feb 28, 2018 at 04:40:37PM -0700, Grant Taylor wrote
>> On 02/28/2018 02:15 PM, Walter Dnes wrote:
>>>
>>> Is there something besides iptables?
>>
>> nftables
>
> Assuming I just want filtering, could I emerge nftables and unmerge
> ipta
On 03/03/2018 05:55 PM, Walter Dnes wrote:
Assuming I just want filtering, could I emerge nftables and unmerge
iptables and have a functional firewall?
Simplistically, yes.
It's my understanding that iptables and nftables are two completely
different firewalling technologies. So you will nee
On Thu, Mar 1, 2018 at 8:48 PM, Walter Dnes wrote:
> On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
>> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>>>
>>> Is there something besides iptables? It seems to be like
>>> systemd/perl/python, continuously expanding its scope. And no, I'm
On Wed, Feb 28, 2018 at 04:40:37PM -0700, Grant Taylor wrote
> On 02/28/2018 02:15 PM, Walter Dnes wrote:
> > Is there something besides iptables?
>
> nftables
Assuming I just want filtering, could I emerge nftables and unmerge
iptables and have a functional firewall?
--
Walter Dnes
I don't
On Fri, Mar 2, 2018 at 6:34 PM, Grant Taylor
wrote:
> On 03/02/2018 05:08 AM, Rich Freeman wrote:
>>
>> On the other hand, if netfilter were implemented in userspace such as via
>> a microkernel, then if it contained a bug the remote attacker would be able
>> to MITM all network traffic on the mac
On 03/02/2018 05:08 AM, Rich Freeman wrote:
On the other hand, if netfilter were implemented in userspace such as
via a microkernel, then if it contained a bug the remote attacker would
be able to MITM all network traffic on the machine, but that would
be the extent of the access they have.
I
On Fri, Mar 2, 2018 at 6:42 AM, Heiko Baums wrote:
> Am Thu, 1 Mar 2018 21:45:46 -0500
> schrieb Rich Freeman :
>
>> If they did move netfilter to userspace, then it would
>
> most likely be more insecure because a userspace process can be easier
> bypassed, killed, hacked or whatever. That's a lo
Am Thu, 1 Mar 2018 21:45:46 -0500
schrieb Rich Freeman :
> If they did move netfilter to userspace, then it would
most likely be more insecure because a userspace process can be easier
bypassed, killed, hacked or whatever. That's a lot harder with the
kernel if not impossible.
See all those pers
On Thu, Mar 1, 2018 at 8:48 PM, Walter Dnes wrote:
> On Thu, Mar 01, 2018 at 12:58:44PM -0500, Tom H wrote
>> On Wed, Feb 28, 2018 at 4:15 PM, Walter Dnes wrote:
>> >
>> > Is there something besides iptables? It seems to be like
>> > systemd/perl/python, continuously expanding its scope. And no,
On 02/28/2018 02:15 PM, Walter Dnes wrote:
Is there something besides iptables?
nftables
I think BPF may come into context here, but I've mostly ignored it, so
I'm not sure.
It seems to be like systemd/perl/python, continuously expanding its scope.
What do you mean?
I've seen newer matc
10 matches
Mail list logo