On Thu, Sep 26, 2013 at 04:00:03PM +0200, Miloslav Trmač wrote: > It does; in my view the primary problem it fixes is iptables being at > too low level of abstraction. The question "is port 22 open" can be > only answered for itpables by interpreting a Turing-complete language. Or as everyone does it: by testing if a connection can be made. And, frankly, if that test passes, do we care what mechnism is enforcing it? -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
