Originally posted by sdack
View Post
Announcement
Collapse
No announcement yet.
Firewalld 1.0 Released With Big Improvements
Collapse
X
-
Originally posted by jacob View PostSo you go to work where you connect to a 10.0.0.0/8 through Wifi. Then you get home and connect to your home Wifi, which is 10.0.0.0/8. Different zone, different requirements. How do you do that in nftables alone?
- Likes 1
Comment
-
Originally posted by jacob View PostI have written more than a little of assembly code, both on the M68K and on the x86_64. I've also written a compiler that generates x86_64 assembly. It's useful where it makes sense, for implementing algorithms it doesn't.
- Likes 1
Comment
-
Originally posted by sdack View PostClearly your problem is not with nftables or with firewalld. Your problem is with identifying a difference. When you cannot tell a difference, then why do you think it was save to allow traffic to pass on one network but not the other? You can certainly get hacked on either network, and especially on WiFi networks.
- Likes 6
Comment
-
Originally posted by sdack View PostI do not believe you. If you actually had then you would know that especially where performance is needed are algorithms implemented in assembly instructions. It is one of the few domains where assembly programming has always ruled over compilers.
- Likes 6
Comment
-
Originally posted by BingoNightly View Post
Assembly is actually pretty neat when you want to learn about how a CPU does all the things we're able to make it do.
- Likes 4
Comment
-
Originally posted by jacob View PostYou seem determined not to see the point. The difference is obvious: different WiFi access point. Nftables doesn't have that information, firewalld does and can act on it.
- Likes 3
Comment
-
Originally posted by jacob View PostAssembly is used very little in high performance computing. Fortran rules there and it can usually optimise and autovectorise nontrivial code better than hand written assembly. And if you are about to pretend that you use MPI, OpenMP etc in assembly then I'm calling out your BS right now.
Nftables offers you many different tools that when you do not know about them then you can also not use firewalld effectively. At best will you have to rely on your distro to install firewalld with a secure default. And while one can write software without knowing about assembly language do I not believe it is a good idea to create a secure system with firewalld without knowing nftables. You will only make the mistake many home users do when they install a 3rd party firewall on their computers, then open lots of ports for games, and still keep thinking it would make their computer secure, because they have installed a 3rd party firewall with a nice user interface and so now it protects them as long as they open ports using their new firewall software.
- Likes 2
Comment
-
Originally posted by sdack View PostCompilers produce assembly so you cannot really say it would not be used. Anyhow, I think your only making a bad analogy here.
Nftables offers you many different tools that when you do not know about them then you can also not use firewalld effectively. At best will you have to rely on your distro to install firewalld with a secure default. And while one can write software without knowing about assembly language do I not believe it is a good idea to create a secure system with firewalld without knowing nftables. You will only make the mistake many home users do when they install a 3rd party firewall on their computers, then open lots of ports for games, and still keep thinking it would make their computer secure, because they have installed a 3rd party firewall with a nice user interface and so now it protects them as long as they open ports using their new firewall software.
- Likes 6
Comment
Comment