On Mon, 20 Jul 2020 19:46:16 +0200 Ludovic Bellière <belliere.ludo...@proximus.be> wrote:
> Running processes aren't stopped (restarted) until the new binaries
> are available, so your machine was still behind a firewall if rules
> were applied before the upgrade. iptables, ip6tables, and other
> alternatives serve as an interface to the Netfilter packet filtering
> framework found in the kernel; the absence of such commands does not
> make the kernel unsafe.

Thank you for the clarification; it has been both instructive and helpful.

However, as the replacement of the existing (protective) ruleset with a default (permissive) ruleset is immediate: the dist-upgrade process is effectively issuing the command #iptables -P INPUT ACCEPT && iptables -F INPUT.

Thus, it is not an absence of such commands, it is an active issuing of permissive commands to replace the existing protective ruleset in the kernel. The firewall is effectively being disabled with immediate effect and will remain so until a protective ruleset is applied and enforced.

That is still essentially my concern.

Best wishes

fraser

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
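An added example, not part of the original message: a shell check that classifies `iptables -S` output and flags the state described above (INPUT policy ACCEPT with the chain flushed), so it can be run after an upgrade. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# classify_input_chain: reads `iptables -S` (or `iptables -S INPUT`) output on
# stdin and prints one of:
#   open          policy ACCEPT and no rules left in INPUT
#   accept+rules  policy ACCEPT but INPUT still carries rules
#   restrictive   policy is anything other than ACCEPT (e.g. DROP)
#   unknown       no "-P INPUT" line was seen
classify_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            if (policy == "")            print "unknown"
            else if (policy != "ACCEPT") print "restrictive"
            else if (rules > 0)          print "accept+rules"
            else                         print "open"
        }'
}

# firewall_still_enforced (hypothetical helper): succeeds only when the INPUT
# chain is neither wide open nor unreadable.
firewall_still_enforced() {
    state=$(classify_input_chain)
    [ "$state" != "open" ] && [ "$state" != "unknown" ]
}

# Constructed sample: a protective ruleset as it might look before the upgrade.
SAMPLE_PROTECTIVE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: the result of `iptables -P INPUT ACCEPT && iptables -F INPUT`.
SAMPLE_FLUSHED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# On a live system (as root): iptables -S INPUT | firewall_still_enforced
printf '%s\n' "$SAMPLE_PROTECTIVE" | classify_input_chain
printf '%s\n' "$SAMPLE_FLUSHED" | classify_input_chain
```

Saving the ruleset with `iptables-save` before the upgrade gives a known-good copy to reload with `iptables-restore` if the check fails.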