| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <486A4514.8020903@trash.net> Date: Tue, 01 Jul 2008 16:54:12 +0200 From: Patrick McHardy <kaber@...sh.net> To: Evgeniy Polyakov <johnpol@....mipt.ru> CC: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: Passive OS fingerprinting. Evgeniy Polyakov wrote: > On Tue, Jul 01, 2008 at 04:16:28PM +0200, Patrick McHardy (kaber@...sh.net) wrote: >> I truely hope it will be since I'm working (slowly, as time permits) >> on the *tables successor that will implement things like this in >> userspace. Every module we add that adds more complicated logic in >> the kernel will make adding an iptables compat layer harder. > > It still is very tempting to implement such things as iptables modules. > For example I consider to create tunnel-like device and iptables target > to implement ip-over-dns tunnel, and I need iptables extension since I > only control single machine outside of my ISP which is not firewalled. > Having new way of writing iptables extensions requires to update > existing machines, which is not possible frequently > (like existing enterprise (r) (c) (tm) solutions...) Yes, I only mean for matching purposes. Target functionality can usually not be reached through combination. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists