Re: Default Forwarding Policies

Michael O'Reilly (michael@metal.iinet.net.au)
Mon, 01 Jul 1996 16:26:51 +0800


No, the filters should just be added before the network interfaces are
brought up. No packets will be forwarded until the ifconfig is done,
so just make sure the filters are added first.

Note that many people (i.e. me :) enable both forwarding and
filtering, as I don't want to have to reboot the machine just to add a
temporary filter.

Michael.

>>>>> ""Leonard" == "Leonard N Zubkoff" <lnz@dandelion.com> writes:

> If IP Forwarding and IP Firewall are both included in a kernel,
> shouldn't the default policy be to not forward anything until the
> system startup scripts set the appropriate policies? Otherwise,
> there's a window of time during boot when packets will be forwarded
> but should not be. Worse still, if a crash causes a reboot that
> doesn't get far enough to run the startup scripts, a machine might
> be left with forwarding turned on indefinitely until someone notices
> the problem.

> Leonard