Sounds like a problem with the Linux kernel configuration (or possibly the way you are doing it) to me. In FreeBSD all you need to do is copy a plain text file with optionname=yes/no and all your settings are imported.
I hope someone develops a GUI for "NFTables", because manually configuring iptables (using ufw, or its lack of complete control/fine-tuning GUI, or some other method) sucks. Some assume you know all about Linux networking.
If you don't know what you're trying to do with your firewall, a GUI will not help you.
However, a sensible default "common case" example configuration will.
They also tend to design things properly in the first place, rather than dodgy some alpha version together and push it out as production code, just so they can scream "First!".
Documentation of intended behavior should be written before the damn code, but hey, why let actual design stand in the way of just barfing out some alpha level *will-need-rewrite* code and pretending it is production ready?
You're shitting me right? I remember getting to grips (painfully) with iptables (after running with ipfwadm) back in say, 2003. The fact that documentation still isn't complete just sums up the Linux experience for me. Documentation generally sucks.
If your SSL connection is MITM'd you are boned anyway, and have far bigger problems. If the NSA is MITMing Apple (or Microsoft/Google) services, then they could just as easily deploy a signed keylogging trojan (if iOS or WinMobile or Android, etc. doesn't already have one pre-installed) to monitor everything via your device.
Because it's a router/switch, not a shell server.
Well, Windows might be able to keep up with RIP.
Cisco Nexus 1000
Try FreeBSD or PC-BSD.
I'm sure it's due to be re-written soon, so we can add yet another incompatible Linux audio subsystem to the mix.
pf has supported variables since uh.... it was invented.
Instead, it un-secures their network.
Juniper is FreeBSD based.
There's this new technology called stateful firewalling that you may be interested in.
Pretty much. I have FreeBSD doing primary NS and MX for a bunch of domains and it is rock solid.
or libc5 to glibc. lol.
Why they don't just port pf is beyond me.
It damn well should be faster. It's running on hardware about 4x the price.
warranty claims :D
Point B does not apply if the third party owns the CA infrastructure. But yes, trusting third party keys for secure comms is retarded.
And here's pretty much the only thing that needs to be said. If you're wanting stuff encrypted, do it yourself.
Self-signed certs for the win. We just need a proper random number generator, and an out-of-band method of key exchange (sneakernet/snail mail).
NSA owns your RNG?
Or, more likely not even needing to hack the device.