undefined | Better HN

0 pointslima5y ago0 comments

What would they need a firewall for? They have full control over the entire environment. They can (and should) just filter host-side.

0 comments

kortilla5y ago

Host level filtering doesn’t make it “not a firewall”. If they drop packets in the NIC before hitting userspace (they do this), that’s a firewall. Iptables is a firewall.

bigiain5y ago

I am confident 99.9% of the people insisting on having you tick the checkboxes have no idea what "they drop packets in the NIC before hitting userspace" means...

Pretty sure getting your PM to just drop the firewall icon into their Visio diagram is a better way to meet stupid compliance requirements than explaining the difference between user space and kernel space to a just-graduated big4 consulting company intern "auditor"... /s

limaOP5y ago

Exactly.

j / k navigate · click thread line to collapse