LinuxQuestions.org
Old 10-03-2019, 06:46 PM   #16
stormtracknole
Senior Member
 
Registered: Aug 2005
Distribution: Slackware, RHEL
Posts: 1,142

Rep: Reputation: 158

Quote:
@stormtracknole

KISS always "scales well"
This approach works in most situations, but is hard to do on an enterprise level. I don't really know enough about this to comment much more. Just passing along what the instructor at Red Hat said. Firewalld uses nftables now, I believe. I do like it in case you are not an expert in writing iptables rules. It gets the job done without much hassle. I'm all for whatever gets the job done.
 
Old 10-03-2019, 09:19 PM   #17
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware, Proxmox, Debian, CentOS, Ubuntu
Posts: 1,212

Original Poster
Rep: Reputation: Disabled
Does nftables support application level control/blocking?
 
Old 10-03-2019, 09:59 PM   #18
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,211

Rep: Reputation: 640
Quote:
Originally Posted by upnort
Does nftables support application level control/blocking?
Doesn't look so, nor does iptables, but only on UID/GID.
- iptables - look for the owner module:
http://ipset.netfilter.org/iptables-extensions.man.html
- nftables - "Matching packets the socket UID" section:
https://wiki.nftables.org/wiki-nftab...etainformation
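
Added example, not part of any post in this thread: the UID/GID matching mentioned in post #18 can approximate per-application egress control when the program in question is run under its own account. The UID 1500 and the table name `appfilter` are assumptions made for illustration.

```nft
# Added example: per-application egress control approximated with
# socket-owner matching. Load with: nft -f <this file>
#
# Assumption: the untrusted program is always started as a dedicated
# account with UID 1500 (hypothetical), so every socket it opens is
# owned by that UID.

table inet appfilter {
    chain output {
        # Locally generated traffic only; forwarded packets never reach this hook.
        type filter hook output priority 0; policy accept;

        # Keep loopback open so the program can still reach local services.
        oifname "lo" accept

        # Count, then reject, everything else sent from sockets owned by UID 1500.
        # The counter shows how often the program tried to reach the network.
        meta skuid 1500 counter reject

        # Group-based variant (assumed GID 1500), if several accounts share a group:
        # meta skgid 1500 counter reject
    }
}

# iptables equivalent using the owner module (IPv4; repeat with ip6tables):
#   iptables -A OUTPUT -o lo -j ACCEPT
#   iptables -A OUTPUT -m owner --uid-owner 1500 -j REJECT
```

The match is on the owner of the sending socket, not on the binary, so anything else running as that UID is filtered too, and traffic the program hands to a daemon running as another user is not. Because socket ownership exists only for locally generated packets, these rules do nothing for traffic forwarded through a gateway.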
 
Old 10-03-2019, 10:54 PM   #19
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware, Proxmox, Debian, CentOS, Ubuntu
Posts: 1,212

Original Poster
Rep: Reputation: Disabled
Quote:
Doesn't look so, nor does iptables, but only on UID/GID.
I knew iptables didn't, at least not directly.

I always thought peculiar the lack of application level support. The traditional argument is only trusted software is installed on Linux systems. Perhaps mostly true but not the case when closed source proprietary software is ported or the firewall is part of a gateway in a mixed platform environment. These days so-called "telemetry" data mining health monitoring is hardly unheard of in free/libre circles.
 
  

