From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Christoph A." Subject: Re: security impact of creating rulesets with iptables (cmd) Date: Mon, 10 Aug 2009 01:28:09 +0200 Message-ID: <4A7F5B89.9030105@gmail.com> References: <4A7F431E.70706@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigD70CED07018D2DCA3550C14B" Cc: Netfilter Developer Mailing List To: Jan Engelhardt Return-path: Received: from mail-ew0-f214.google.com ([209.85.219.214]:50998 "EHLO mail-ew0-f214.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751519AbZHIXbN (ORCPT ); Sun, 9 Aug 2009 19:31:13 -0400 Received: by ewy10 with SMTP id 10so2682780ewy.37 for ; Sun, 09 Aug 2009 16:31:13 -0700 (PDT) In-Reply-To: Sender: netfilter-devel-owner@vger.kernel.org List-ID: This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD70CED07018D2DCA3550C14B Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 10.08.2009 00:18, Jan Engelhardt wrote: > Even if you manage to avoid temporary Windows Of Opportunity For=20 > Attackers does not mean all novice users are able to do the same. Hence= =20 > it is easier to just use iptables-restore and need not worry about=20 > atomicity within a given table. thanks for your fast reply! Christoph A. --------------enigD70CED07018D2DCA3550C14B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEAREKAAYFAkp/W5sACgkQrq+riTAIEg1pQwCbBiHK25wnE6vrhqqmcN4w7Qgu 5igAoMMg9sUtxhYp+NQNQONp7RN94wKl =vsyy -----END PGP SIGNATURE----- --------------enigD70CED07018D2DCA3550C14B--