On Mon, 23 June 2008 08:37, Callum Lerwick wrote:

> Yes, the correct thing to do for local security is use something like
> selinux to prevent things from binding to interfaces/ports they
> shouldn't be binding to in the first place. Using iptables for this is
> a completely unsustainable hack. iptables firewalling is for machines
> that route packets to other machines.

Iptables is actually wonderfully simple and transparent to normal users, unlike apps that do black magic using a system bus one can't inspect, a registry system full of rotten undocumented keys, and massive use of bandaids (PA startup, I'm thinking about you).

You'll take iptables out of my system the day I can easily check the spaghetti pile userspace is these days is not misbehaving. And no, current selinux is not an "easy to inspect" system.

--
Nicolas Mailhot

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list