Hi, * Christoph Anton Mitterer <cales...@scientia.net> [2011-08-19 22:46]: > iptables-persistent loads the iptables rules at boot, and thus it should > be quite clear, why this can be security critical. > Just imagine that for some reasons you have rsh, or telnet or something > (by itself) "insecure" enabled, which is however made secure, as you > protect it via firewall rules (e.g. allow only specific source addresses > (from a known local network) or demand that the packets are IPsec > encapsulated. > > If in such a situation you trust the rules being loaded, but they are not, > you're absolutely screwed.
Alright makes sense. Thanks for taking the time to explain this! The user-tag imho is not correct though in this case, but doesn't really matter either. Kind regards Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgp8FCPNB37GY.pgp
Description: PGP signature
