If you mean an iptables firewall on a distinct physical machine placed in front of the machines you're trying to protect, then it will be enough to prevent remote attacks.
If you mean an iptables firewall on the same physical machine as the one you're trying to protect, it will be useless; like Matt mentioned in the second paragraph, the OS never even gets to see these packets, the ME steals them off the Ethernet adapter.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: IpTables
Date: 2017-05-02 07:50 am (UTC)If you mean an iptables firewall on the same physical machine as the one you're trying to protect, it will be useless; like Matt mentioned in the second paragraph, the OS never even gets to see these packets, the ME steals them off the Ethernet adapter.