Re: Why not have firewall rules by default?

On Wed, Jan 23, 2008 at 08:29:25AM -0700, Michael Loftis wrote:
>
> It's better to leave the service disabled, or even better, completely
> uninstalled from a security standpoint, and from a DoS standpoint as well.
> The Linux kernel isn't very efficient at processing firewall rules. Newer
> kernels might be though (I honestly haven't looked as deeply into this in
> late 2.6 as i did/do in 2.4...2.4 processes firewall rules strictly step by
> step)

baah any 2.4 info is terribly outdated these days (beside not beeing supported on any modern distro). it was already when 2.6.0 got released, but woow for a better feeling of dev speed, check out git:

~/src/linux-2.6$ git diff --shortstat v2.6.22..v2.6.23  7203 files changed, 406268 insertions(+), 339071 deletions(-)

2.6.24 is not yet released:
~/src/linux-2.6$ git diff --shortstat v2.6.23..  10203 files changed, 775468 insertions(+), 482968 deletions(-)

-- 
maks


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org