On Wed, Feb 27, 2008 at 03:51:20PM +0100, Patrick McHardy wrote:
> Well, yes, the main question is whether this causes privacy issues.
> "Security by obscurity" is a pretty poor argument, does anyone have
> a well founded reason for not allowing users to see the rules and
> counters?

I really don't think this is a good idea. We allow non-root users on
some of our firewalls, and I don't want them to see the ruleset.

Also, it helps miscreants to better pick their targets, if they know
in advance which ports are opened.

If making this change, *please* consider making it configurable, with
the default being NO access.

Phil
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html