Originally posted by sdack
View Post
Announcement
Collapse
No announcement yet.
Firewalld 1.0 Released With Big Improvements
Collapse
X
-
- Likes 3
-
Originally posted by sdack View PostI am saying he cannot claim to be using firewalld without using nfttables, all while he claims to be using firewalld by using a GUI to firewalld. You want to read my comment again and wait a little for it to sink in.
- Likes 4
Leave a comment:
-
Originally posted by pal666 View Postnobody uses assembly to implement algorithms. std::sort is an agorithm and it's implemented in c++ templates because that's the only way which can be optimized by compiler on the scale of full application. what you are thinking about is using special assembly instructions for codecs, it's tiny niche
- Likes 1
Leave a comment:
-
Originally posted by jacob View PostIf you are looking for a trick to achieve that at least partly using nftables alone, yes of course you will find it. But that doesn't mean that it makes sense or that it's a solution one should recommend to anyone unless it's someone who has a particular interest in firewalls and the way they operate. A normal user can easily understand the notions "I'm at home, I'm at work, I'm at a friend's house where I can kind of trust some stuff, I'm at the airport where I don't trust anything" and a good solution is one that presents them with exactly those options that map to their view of the world. Expecting the user to start worrying about which device has which MAC address (which can also change, by the way) and deal with the minutiae of nftables syntax to filter packets based on MAC addresses is plain absurd. Most computer users are gamers, graphic artists, scientists, software developers, social media fans etc. whose interest in, and enjoyment of OS administration is exactly zero.
Leave a comment:
-
Originally posted by jacob View PostSo when using GNOME you are not really using Linux? Using Linux means only invoking kernel syscalls in assembly? You really sound like some l33t kid to me.
And what does a l33t kid sound like? I do not know. If they sound like 50-year olds on the Internet then perhaps I do sound like one.Last edited by sdack; 23 July 2021, 07:13 PM.
Leave a comment:
-
Originally posted by sdack View PostWhen you are using a GUI or another app then you are not really using firewalld. Or, when you do want to say so, then you also have to say you are using nftables, because firewalld is based on nftables. You cannot ride half a horse and pretend the other half had nothing to do with you.
- Likes 2
Leave a comment:
-
Originally posted by sdack View PostOf course, I think we both can agree on this.
But do know that you can use nftables to fully automate your setup so that you no longer need to switch manually. You can filter traffic based on the MAC addresses of the access points and only when you are at home allow for all sorts of traffic to pass, and be more restrictive everywhere else. You should be able to do this with firewalld, too.
- Likes 3
Leave a comment:
-
Originally posted by Danny3 View PostPlus some programs like bittorrent clients can have option to use a random port, I wonder how would I creat a rule for that in a port-based firewall.
- Likes 1
Leave a comment:
-
I understand that Firewalld is also used by openSUSE with the Yast interface ... I personally found myself very well and rarely had to deal with it, but when it happened it was simple and intuitive.
Leave a comment:
-
Being used to application firewalls like simplewall and Glasswire on Windows, AFWall+ on Android, OpenSnitch on Linux, nobody could convince me to waste my time with a port based firewall.
I just don't have the time to search all the used ports for the programs that I need.
Plus some programs like bittorrent clients can have option to use a random port, I wonder how would I creat a rule for that in a port-based firewall.
- Likes 1
Leave a comment:
Leave a comment: