ah on Nostr: I'd highly doubt there could be an actual vulnerability for a firewall like this. It ...
I'd highly doubt there could be an actual vulnerability for a firewall like this. It looks like the ufw & docker issue was due to docker not respecting ufw rules, requiring iptables to be disabled before it would follow ufw rules. It's not a vulnerability per se but more of a configuration issue.
https://www.techrepublic.com/article/how-to-fix-the-docker-and-ufw-security-flaw/
My own experience (when I last tried using it 10 years ago) was that iptables has a huge number of flags and positional arguments to memorize, and then time testing every change made to see whether it had worked. I was admittedly using it to make my server act as a firewall and pass through internet traffic to the rest of my LAN on a different interface, something portmaster can't do. Glad you feel comfortable with it. FWIW portmaster does have several other neat features like custom DNS, monitoring, filter lists (e.g. ads/malware) and the paid version can do inspection on individual applications.
Published at 2023-08-30 20:52:01