Hi all,
I just wrote that because I read
"
Determining the pid/subj of a packet is notoriously
difficult/impossible in netfilter so let's drop that; with proper
policy/rules you should be able to match proto/port with a given
process so this shouldn't be that critical. The source/destination
On Sat, Jan 21, 2017 at 6:27 AM, Patrick PIGNOL
wrote:
> Hi all,
>
> I disagree!
>
> Many people in the world would like to allow a software A to go to the internet
> through OUTPUT TCP port 80 but disallow software B to go to the internet
> through this same OUTPUT TCP port 80. Don't you know about
On 19/01/2017 at 15:41, Liping Zhang wrote:
The nft table name's size is limited at this place:
static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
.len =
NFT_TABLE_MAXNAM
Hi all,
I disagree!
Many people in the world would like to allow a software A to go to
the internet through OUTPUT TCP port 80 but disallow software B to go to the
internet through this same OUTPUT TCP port 80. Don't you know about
viruses on Linux? Viruses ALWAYS use HTTP/HTTPS ports to get p