> To: John Hawkinson <jhawk@panix.com>
> Cc: current-users@netbsd.org

> John, if the box is specifically intended to be a firewall and will
> be using proxy at application level to permit flow-through, why would
> LSR be desireable? 

This is a question not appropriate for this mailing list; anyone
interested can ask me, or follow it on firewalls@greatcircle.com
(send mail to majordomo@greatcircle.com).

> Surely a firewall should deny traceroute probes? You'd definately want
> to permit firewalls to prevent knowledge of internal network structure
> to leak, and assuming a true router with IP/ICMP filtering is available
> might not always be viable.

This is your option -- if you wish to do so, source routing is
not relevant. Only some (a minority, in fact) of traceroutes
use LSRR. You need to do this by blocking udp packets to
ports of services you do not provide.

> That said, I am all for RFC compliance in the general case, and let
> them who have need of non-standard behaviour work to achieve it. If
> there is a sensible #ifdef clause that could go into ip_input.c and
> matching comments in GENERIC config about when you'd want it, that
> would be a suitable ball-pean hammer for me.

Like I said, I think that if we put in that option, then people will
use it. Some of those people would undoubtedly have hacked the source
to do that, but others might use it because they think it is more
secure, without fully understanding it. I would maintain that that is
not something that the NetBSD should promote (because source routing
is a generally useful thing, and inserting such an option might make
it less-widely-available). Clearly this is an issue for the core team
to decide, but I've expressed my opinions.

--
John Hawkinson
jhawk@panix.com