From: ѽ҉ᶬḳ℠ <vtol@gmx.net>
To: wireguard <wireguard@lists.zx2c4.com>
Subject: Re: WG interface to ipv4
Date: Sun, 6 May 2018 11:26:33 +0200 [thread overview]
Message-ID: <23a33070-31c3-e2d0-e2ef-e410b4c31f4a@gmx.net> (raw)
In-Reply-To: <18A71524-E4DF-4129-958C-75062E994AE8@urlichs.de>
[-- Attachment #1: Type: text/plain, Size: 988 bytes --]
> Please tell us how adding such an option could possibly enhance security, given that you can get the same effect with a simple iptables rule.
Security enhanced by /tailoring mitigating surfaces, which is not for
netfilter rules, different concepts. netfilter rules, particular
iptables, can get easily convoluted in complex scenarios.
If it were for everything network security related to be resolved by
netfilter rules than certainly the likes of ssh, dnsmasq, ntp, bind,
unbound etc would not need to implement features like socket contains
and binding to iface/subnet. Or do reckon such as obsolete nonsense?
Look, except for Kalin's response
(https://lists.zx2c4.com/pipermail/wireguard/2018-May/002759.html) the
reluctance to consider this is rather apparent. Which is fine as
statement and of course anyone is at liberty to deploy WG. I think I
made my point and if it is considered invalid than it is fair enough and
no need to be argued further.
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4174 bytes --]
next prev parent reply other threads:[~2018-05-06 9:24 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-03 16:57 WG interface to ipv4 ѽ҉ᶬḳ℠
2018-05-04 1:06 ` Jason A. Donenfeld
2018-05-04 9:27 ` ѽ҉ᶬḳ℠
2018-05-05 3:44 ` Jason A. Donenfeld
2018-05-05 8:18 ` ѽ҉ᶬḳ℠
2018-05-05 9:28 ` Kalin KOZHUHAROV
2018-05-05 17:33 ` Christophe-Marie Duquesne
2018-05-05 17:53 ` ѽ҉ᶬḳ℠
2018-05-06 1:27 ` Jason A. Donenfeld
2018-05-06 7:31 ` ѽ҉ᶬḳ℠
2018-05-06 9:00 ` Matthias Urlichs
2018-05-06 9:26 ` ѽ҉ᶬḳ℠ [this message]
2018-05-06 0:14 ` RFE: Name of peer in configuration John Huttley
2018-05-06 1:21 ` WG interface to ipv4 Jason A. Donenfeld
2018-05-06 8:58 ` ѽ҉ᶬḳ℠
2018-05-06 13:34 ` Jordan Glover
2018-05-06 14:12 ` ѽ҉ᶬḳ℠
2018-05-06 14:17 ` Jason A. Donenfeld
2018-05-06 15:21 ` Toke Høiland-Jørgensen
2018-05-06 16:33 ` ѽ҉ᶬḳ℠
2018-05-06 18:09 ` Jordan Glover
2018-05-06 19:39 ` ѽ҉ᶬḳ℠
2018-05-06 21:37 ` Android Configuration File John Huttley
2018-05-06 22:10 ` Jason A. Donenfeld
2018-05-07 4:22 ` John Huttley
2018-05-07 13:35 ` WG interface to ipv4 Christophe-Marie Duquesne
2018-05-07 16:34 ` ѽ҉ᶬḳ℠
2018-05-08 8:48 ` Christophe-Marie Duquesne
2018-05-08 9:35 ` ѽ҉ᶬḳ℠
2018-05-07 8:24 ` ѽ҉ᶬḳ℠
2018-05-07 8:41 ` Jordan Glover
2018-05-07 9:37 ` Matthias Urlichs
2018-05-07 11:21 ` Jordan Glover
2018-05-07 6:49 ` Kalin KOZHUHAROV
-- strict thread matches above, loose matches on Subject: below --
2018-05-08 15:44 Riccardo Berto
2018-05-08 16:23 ` logcabin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23a33070-31c3-e2d0-e2ef-e410b4c31f4a@gmx.net \
--to=vtol@gmx.net \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox