Note that many people (i.e. me :) enable both forwarding and
filtering, as I don't want to have to reboot the machine just to add a
temporary filter.
Michael.
>>>>> ""Leonard" == "Leonard N Zubkoff" <lnz@dandelion.com> writes:
> If IP Forwarding and IP Firewall are both included in a kernel,
> shouldn't the default policy be to not forward anything until the
> system startup scripts set the appropriate policies? Otherwise,
> there's a window of time during boot when packets will be forwarded
> but should not be. Worse still, if a crash causes a reboot that
> doesn't get far enough to run the startup scripts, a machine might
> be left with forwarding turned on indefinitely until someone notices
> the problem.
> Leonard