WG interface to ipv4
ѽ҉ᶬḳ℠
vtol at gmx.net
Sun May 6 11:26:33 CEST 2018
> Please tell us how adding such an option could possibly enhance security, given that you can get the same effect with a simple iptables rule.
Security enhanced by /tailoring mitigating surfaces, which is not for
netfilter rules, different concepts. netfilter rules, particular
iptables, can get easily convoluted in complex scenarios.
If it were for everything network security related to be resolved by
netfilter rules than certainly the likes of ssh, dnsmasq, ntp, bind,
unbound etc would not need to implement features like socket contains
and binding to iface/subnet. Or do reckon such as obsolete nonsense?
Look, except for Kalin's response
(https://lists.zx2c4.com/pipermail/wireguard/2018-May/002759.html) the
reluctance to consider this is rather apparent. Which is fine as
statement and of course anyone is at liberty to deploy WG. I think I
made my point and if it is considered invalid than it is fair enough and
no need to be argued further.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4174 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180506/99b7ca3c/attachment.p7s>
More information about the WireGuard
mailing list