Why admins do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)
Udo van den Heuvel
udovdh at xs4all.nl
Wed May 30 13:05:31 UTC 2018
On 29-05-18 17:44, Mark Atwood, Project Manager via devel wrote:
> There are a couple of different but very similar angles of approach to
> explain why network security experts will not trust a userspace daemon to
> control its own defensive packet filtering.
Cool.
So what iptables (etc) filter rules would you suggest?
Stuff like at
http://packetpushers.net/one-liner-iptables-rule-to-filter-ntp-reflection-on-linux-hypervisor/
?
More?
Please comment.
Rationale: simply leaving filtering out without suggesting a (better)
alternative is no good.
Kind regards,
Udo