
Ports

Posted: Tue Dec 31, 2002 4:59 pm
by noct
Is grsecurity in any way capable of blocking ports on both IPv4 and IPv6 addresses in an iptables fashion?

re: ports

Posted: Tue Dec 31, 2002 11:25 pm
by Technion
As you said, iptables does this. So why would anybody else reimplement packet filtering, given the amount of work the netfilter team has put into iptables?

Posted: Wed Jan 01, 2003 5:20 am
by noct
Because iptables requires an extensive amount of research, time, and learning to get it to work properly whereas grsecurity is made fairly easy to work with, and it was just a question.

Posted: Thu Jan 02, 2003 9:59 am
by spender
My goal in writing the IP ACLs for grsecurity was to do the things iptables can't, which was handling important syscalls related to networking, so that their error conditions could be returned to the application. So I decided to implement for socket, connect, and bind, also because the kind of checks that we have to do can't really be done in a fast way (or at least I have no idea how to do them in an efficient way other than traversing the list), and these syscalls aren't a bottleneck on a system.

-Brad

Posted: Thu Jan 02, 2003 10:47 pm
by noct
Sounds good.