On Thu, Sep 26, 2013 at 4:40 PM, Matthew Miller <mattdm@xxxxxxxxxx> wrote:
> On Thu, Sep 26, 2013 at 04:00:03PM +0200, Miloslav Trmač wrote:
>> It does; in my view the primary problem it fixes is iptables being at
>> too low level of abstraction. The question "is port 22 open" can be
>> only answered for itpables by interpreting a Turing-complete language.
>
> Or as everyone does it: by testing if a connection can be made. And,
> frankly, if that test passes, do we care what mechnism is enforcing it?
That somewhat works when checking for an open port, but not when you
want the port to be closed. Perhaps it's only closed for the
management machine that is doing the check, to shut the security
department up.
Mirek
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
