Re: IP filtering should default to DENY?

From: almesber@lrc.di.epfl.ch
Date: Mon Jan 17 2000 - 18:13:48 EST

Next message: Alan Cox: "Re: drivers/telephony and winmodems"
Previous message: Alan Cox: "Re: Which sound card"
In reply to: Russell King: "Re: IP filtering should default to DENY?"
Next in thread: David Lang: "Re: IP filtering should default to DENY?"
Reply: David Lang: "Re: IP filtering should default to DENY?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Russell King wrote:
> I for one run this exact setup - a root NFS masquerading firewall. A change
> to a default of DENY would currently break root NFS.

But then, there are of course plenty of people who'd love to murder
kernel-based NFS root at the earliest opportunity anyway ;-)

(Besides this, I don't think we should default to DENY. You can always
do that in user space, so the best strategy is probably to preserve the
existing behaviour - least surprise principle.)

- Werner

-- _________________________________________________________________________ / Werner Almesberger, ICA, EPFL, CH werner.almesberger@ica.epfl.ch / /_IN_N_032__Tel_+41_21_693_6621__Fax_+41_21_693_6610_____________________/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: drivers/telephony and winmodems"
Previous message: Alan Cox: "Re: Which sound card"
In reply to: Russell King: "Re: IP filtering should default to DENY?"
Next in thread: David Lang: "Re: IP filtering should default to DENY?"
Reply: David Lang: "Re: IP filtering should default to DENY?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:16 EST