Am Thu, 1 Mar 2018 21:45:46 -0500 schrieb Rich Freeman <ri...@gentoo.org>:
> If they did move netfilter to userspace, then it would most likely be more insecure because a userspace process can be easier bypassed, killed, hacked or whatever. That's a lot harder with the kernel if not impossible. See all those personal firewalls for Windows like Kerio Personal Firewall, Zone Alarm or whatever when Windows didn't have its own firewall. I hope netfilter will never move to userspace. And I'm pretty sure it won't.
