F19 Firewall

Miloslav Trmač mitr at volny.cz
Thu Sep 26 14:45:11 UTC 2013


On Thu, Sep 26, 2013 at 4:40 PM, Matthew Miller <mattdm at mattdm.org> wrote:
> On Thu, Sep 26, 2013 at 04:00:03PM +0200, Miloslav Trmač wrote:
>> It does; in my view the primary problem it fixes is iptables being at
>> too low a level of abstraction.  The question "is port 22 open" can be
>> only answered for iptables by interpreting a Turing-complete language.
>
> Or as everyone does it: by testing if a connection can be made. And,
> frankly, if that test passes, do we care what mechanism is enforcing it?

That somewhat works when checking for an open port, but not when you
want the port to be closed.  Perhaps it's only closed for the
management machine that is doing the check, to shut the security
department up.
    Mirek
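
The point about a port that is closed only for the checking machine, as an added example that is not part of the original message: a small first-match evaluator over a constructed iptables-save excerpt, showing that the verdict for port 22 depends on the source address and that reading the rules reveals this where a single probe cannot. The rule set, the addresses and the function names are assumptions made for illustration; only one chain and the -s, -p, --dport and -j options are handled (no negation, no jumps to user chains).

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not from the thread): port 22 is dropped
# only for the checking host 192.0.2.10 and accepted for every other source.
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse(text, chain="INPUT"):
    """Return (default_policy, rules) for one chain of iptables-save output."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # option/value pairs
            port = int(opts["--dport"]) if "--dport" in opts else None
            rules.append((ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
                          opts.get("-p"), port, opts["-j"]))
    return policy, rules

def matches(rule, proto, dport):
    _, p, port, _ = rule
    return p in (None, proto) and port in (None, dport)

def verdict(text, src, proto, dport):
    """First-match verdict for a packet from src under this simplified model."""
    policy, rules = parse(text)
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if addr in rule[0] and matches(rule, proto, dport):
            return rule[3]
    return policy

def source_scoped(text, proto, dport):
    """Sources with their own rule for this port: a probe from elsewhere misses them."""
    _, rules = parse(text)
    return [str(r[0]) for r in rules if r[0].prefixlen and matches(r, proto, dport)]

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7"):
        print(src, verdict(RULES, src, "tcp", 22))
    print("source-scoped rules for tcp/22:", source_scoped(RULES, "tcp", 22))
```

A non-empty result from source_scoped means a connection test from one host does not answer "is the port closed" for the others.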

