Quite a few bugs affect only one kernels with a specific feature, for exmaple the recent smbfs bug requires you to use smbfs and have a cracked server. If there is an alsa or module exploit my (linux) firewall is not affected becaue it supports neother those features nor any devices not part of the box.
At least my firewall would not be content without the stateful inspection features of iptables. Without this I suspect the firewall would be more complex and provide less protection.
A new version of the mm integer overflow bugs or ping of doom would be much more exciting.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds