Linked by Thom Holwerda on Fri 20th Mar 2009 22:01 UTC, submitted by diegocg
Linux The Netfilter development team's Patrick McHardy has released an alpha version of nftables, a new firewall implementation for the Linux kernel, with a user space tool for controlling the firewall. nftables introduces a fundamental distinction between the user space defined rules and network objects in the kernel: the kernel component works with generic data such as IP addresses, ports and protocols and provides some generic operations for comparing the values of a packet with constants or for discarding a packet.
Permalink for comment 354414
To read all comments associated with this story, please click here.
RE[2]: application-based filtering
by Lennie on Sun 22nd Mar 2009 09:39 UTC in reply to "RE: application-based filtering"
Member since:

I think the reason is, most people feel the personal firewall concept is kinda flawed. Let me explain, their are typically 2 kinds of users, knowledgable and not-knowledgable. The knowledgable already know what applications they should/shouldn't run. The others would just click allow&remember for everything.

Anyway most people just use applications installed by their distribution or network-/systems-administrator, they could easily all include a SELinux/AppArmor allow-list of what they can do and not allowed anything else. This comes from a long line of Unix-people, that would probably say, 'normal users' don't really need that kind of access. For example you could already make a firewall rule that says, user-x can only connect to the web-proxy and a lot of people think that should probably be enouogh.

There is an open source/free personal firewall for Windows though, Core Force, suppositly it actually uses (some of) that OpenBSD PF-code.

EDIT: I changed it, to reflect what I meant with flaed concept.

Edited 2009-03-22 09:45 UTC

Reply Parent Score: 1