Linked by Thom Holwerda on Fri 20th Mar 2009 22:01 UTC, submitted by diegocg
Linux The Netfilter development team's Patrick McHardy has released an alpha version of nftables, a new firewall implementation for the Linux kernel, with a user space tool for controlling the firewall. nftables introduces a fundamental distinction between the user space defined rules and network objects in the kernel: the kernel component works with generic data such as IP addresses, ports and protocols and provides some generic operations for comparing the values of a packet with constants or for discarding a packet.
Thread beginning with comment 354414
RE[2]: application-based filtering
by Lennie on Sun 22nd Mar 2009 09:39 UTC in reply to "RE: application-based filtering"
Lennie
Member since:
2007-09-22

I think the reason is, most people feel the personal firewall concept is kinda flawed. Let me explain: there are typically 2 kinds of users, knowledgeable and not-knowledgeable. The knowledgeable already know what applications they should/shouldn't run. The others would just click allow&remember for everything.

Anyway most people just use applications installed by their distribution or network-/systems-administrator; they could easily all include a SELinux/AppArmor allow-list of what they can do and not be allowed anything else. This comes from a long line of Unix-people, who would probably say 'normal users' don't really need that kind of access. For example, you could already make a firewall rule that says user-x can only connect to the web-proxy, and a lot of people think that should probably be enough.

There is an open source/free personal firewall for Windows though, Core Force; supposedly it actually uses (some of) that OpenBSD PF-code.

EDIT: I changed it, to reflect what I meant with flawed concept.

Edited 2009-03-22 09:45 UTC

Reply Parent Score: 1
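The "user-x can only connect to the web-proxy" rule from the comment above, written out as an added example. This is not code from the thread, from Lennie, or from the nftables project; it uses the current nftables syntax (the `meta skuid` match and the `inet` family), not the 2009 alpha the story describes. The uid 1001 for user-x and the proxy address 10.0.0.5:3128 are constructed values.

```nft
# Added example, not code from the thread or from the nftables project.
# Restricts one local user to the web proxy; everyone else is untouched.
# Constructed assumptions: user-x has uid 1001, the proxy is 10.0.0.5:3128.
table inet user_egress {
    chain output {
        # output hook: only locally generated packets pass through here
        type filter hook output priority 0; policy accept;

        # loopback stays open so local services (e.g. a stub resolver) keep working
        oif "lo" accept

        # uid 1001 (user-x) may open TCP connections to the proxy ...
        meta skuid 1001 ip daddr 10.0.0.5 tcp dport 3128 accept

        # ... and everything else originating from that uid is counted and rejected,
        # so the counter doubles as a cheap "something tried to bypass the proxy" signal
        meta skuid 1001 counter reject with icmpx type admin-prohibited
    }
}
```

Load it with `nft -f <file>` and inspect the hit counter with `nft list ruleset`. Because `policy accept` applies to the chain, users other than uid 1001 are unaffected; the per-uid match is the firewall-level counterpart of the per-application SELinux/AppArmor allow-list the comment suggests, and the two complement rather than replace each other.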

BSDfan Member since:
2007-03-14

There is an open source/free personal firewall for Windows though, Core Force; supposedly it actually uses (some of) that OpenBSD PF-code.

It's rumoured, but nobody knows for sure; if they did use a portion of the pf code, it's probably just the rule parsing.

Windows did incorporate elements of BSD sockets into their OS; the kernel side of things is quite different.

:) -- smile, see.. I can be nice.

Reply Parent Score: 2

0brad0 Member since:
2007-05-05

It's rumoured, but nobody knows for sure; if they did use a portion of the pf code, it's probably just the rule parsing.

Windows did incorporate elements of BSD sockets into their OS; the kernel side of things is quite different.

:) -- smile, see.. I can be nice.

It isn't rumored at all, you moron. Learn how to read a web page.

Reply Parent Score: 0