Re: OUTPUT filtering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: OUTPUT filtering
From: Amin Azez <azez@xxxxxxxxxxxxxxx>
Date: Thu, 14 Jul 2005 13:20:46 +0100
In-reply-to: <42D5291E.7090308@gmx.co.uk>
References: <04EE7AD0450F7B498BA216312943A1A102937F25@blrse201.ap.infineon.com> <42D4E11C.2080100@mnemon.de> <Pine.LNX.4.61.0507131212090.14635@yvahk01.tjqt.qr> <42D5291E.7090308@gmx.co.uk>
Sender: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050404)

/dev/rob0 wrote:
> Note that OUTPUT filtering only controls non-root users. A root user can
> disable or bypass it. If you have local shell users who cannot be
> trusted, and if you didn't already understand all this, chances are
> those users already have rooted you. :)

Quite so, but output filtering can also be applied to a
firewall/router/bridge with no user accounts.

Amin

Follow-Ups:
- Re: OUTPUT filtering
  - From: Jörg Harmuth

References:
- Ip_conntrack_ftp with PASSIVE FTP does not work
  - From: Chandra.Vempali
- Re: Ip_conntrack_ftp with PASSIVE FTP does not work
  - From: Jörg Harmuth
- Re: Ip_conntrack_ftp with PASSIVE FTP does not work
  - From: Jan Engelhardt
- OUTPUT filtering (was: Re: Ip_conntrack_ftp ...)
  - From: /dev/rob0

Prev by Date: Re: size of recent blacklist
Next by Date: Re: dnatting
Previous by thread: OUTPUT filtering (was: Re: Ip_conntrack_ftp ...)
Next by thread: Re: OUTPUT filtering
Index(es):
- Date
- Thread

[Index of Archives] [Linux Netfilter Development] [Linux Kernel Networking Development] [Netem] [Berkeley Packet Filter] [Linux Kernel Development] [Advanced Routing & Traffice Control] [Bugtraq]

Powered by Linux