Re: Firewall and user services that needs open ports
- From: "Nicolas Mailhot" <nicolas mailhot laposte net>
- To: "Development discussions related to Fedora" <fedora-devel-list redhat com>
- Subject: Re: Firewall and user services that needs open ports
- Date: Mon, 23 Jun 2008 09:58:52 +0200 (CEST)
On Mon, 23 June 2008 08:37, Callum Lerwick wrote:
> Yes, the correct thing to do for local security is use something like
> selinux to prevent things from binding to interfaces/ports they
> shouldn't be binding to in the first place. Using iptables for this is
> a completely unsustainable hack. iptables firewalling is for machines
> that route packets to other machines.
Iptables is actually wonderfully simple and transparent to normal
users, unlike apps that do black magic using a system bus one can't
inspect, a registry system full of rotten undocumented keys, and
massive use of bandaids (PA startup I'm thinking about you).
You'll take iptables out of my system the day I can easily check that
the spaghetti pile userspace is these days is not misbehaving. And no,
current selinux is not an "easy to inspect" system.
--
Nicolas Mailhot