Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

Udo van den Heuvel udovdh at xs4all.nl
Wed May 30 13:05:31 UTC 2018

On 29-05-18 17:44, Mark Atwood, Project Manager via devel wrote:
> There are a couple of different but very similar angles of approach to
> explain why a network security experts will not trust a userspace daemon to
> control it's own defensive packet filtering.

So what iptables (etc) filter rules would you suggest?
Stuff liek at 

Please comment.

Rationale: simply leaving filtering out without suggesting an (better) 
alternative is no good.

Kind regards,

More information about the devel mailing list