[ale] rsync without ssh quick tutorial
Michael Trausch
mike at trausch.us
Tue Jan 20 16:36:30 EST 2015
It's been on my todo list for a little bit. I do know what you mean, though. I was just getting happy that I no longer need to consult the iptables man pages with uncommon usages anymore. :)
However, as with so many other things in the forward march of time, it will be better to know. One tool with a very small, generic, and secure implementation in the kernel, instead of tens of thousands of duplicated lines of code which can be controlled using a command line utility or netlink socket, and relies an your knowledge of little more than the requirements expressed as packet processing instructions.
For example, if you want to prohibit all (unencapsulated) IPv4 traffic, you just drop packets that show a version 4 IP header. No more custom kernel modules going up to layer 7, and no more upgrading the kernel to upgrade the firewall capabilities.
Sent from my iPad
> On Jan 20, 2015, at 2:22 PM, James Sumners <james.sumners at gmail.com> wrote:
>
>
>> On Tue, Jan 20, 2015 at 2:06 PM, Michael Trausch <mike at trausch.us> wrote:
>> Just a reminder that it is time to learn the new packet filter: nftables replaces iptables, ip6tables, ebtables, etc and works with the whole stack and is more efficient. (I myself need to spend a few days working with it.)
>
> Oh wtf? This is the last thing I needed.
>
>
> --
> James Sumners
> http://james.sumners.info/ (technical profile)
> http://jrfom.com/ (personal site)
> http://haplo.bandcamp.com/ (band page)
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150120/b42b3749/attachment.html>
More information about the Ale
mailing list