by xenophonf 3744 days ago
A lot of good points, but several ignorant ones, too (what's wrong with tcp_wrappers or PAM? also OpenNTPD is _not_ a drop-in replacement for ntpd). And if the author is someone coming from OpenBSD, they ought to know at least something of the history behind IPFilter, as it is the raison d'etre for OpenBSD's pf.

Speaking as an infosec guy myself, I'd dearly love to see the TrustedBSD MAC Framework or the Audit Implementation (OpenBSM) being used by default. I'm surprised the author didn't mention it.

1 comments

Has the MAC framework reached sufficient maturity that root need no longer be especially privileged, but instead just-privileged-enough?

(this would attenuate many of the OP's complaints)