grsecurity forums

Skip to content

Ports

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Ports

Postby noct » Tue Dec 31, 2002 4:59 pm

Is grsecurity in anyway capable of blocking ports on both IPv4 and IPv6 addresses in an iptables fashion?
noct
 
Posts: 6
Joined: Tue Dec 31, 2002 4:54 pm
Top

re: ports

Postby Technion » Tue Dec 31, 2002 11:25 pm

As you said, iptables does this. So why would anybody else reimplement packet filtering, given the amount of work the netfilter team has put into iptables?
Technion
 
Posts: 15
Joined: Thu Apr 25, 2002 12:23 am
Top

Postby noct » Wed Jan 01, 2003 5:20 am

Because iptables requires an extensive amount of research, time, and learning to get it to work properly whereas grsecurity is made fairly easy to work with, and it was just a question.
noct
 
Posts: 6
Joined: Tue Dec 31, 2002 4:54 pm
Top

Postby spender » Thu Jan 02, 2003 9:59 am

My goal in writing the IP ACLs for grsecurity was to do the things iptables can't, which was handling important syscalls related to networking, so that their error conditions could be returned to the application. So I decided to implement for socket, connect, and bind, also because the kind of checks that we have to do can't really be done in a fast way (or at least I have no idea how to do them in an efficient way other than traversing the list), and these syscalls aren't a bottleneck on a system.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Postby noct » Thu Jan 02, 2003 10:47 pm

Sounds good.
noct
 
Posts: 6
Joined: Tue Dec 31, 2002 4:54 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group