Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: None <current-users@NetBSD.ORG>
From: Ronald Khoo <ronald@cpm.COM.MY>
List: current-users
Date: 12/15/1994 10:37:07
Herb Peyerl <> wrote:

> There were two suggestions.  One was a sysctl which I'm not fond of in
> that situation because should someone gain root on the firewall (well,
> in that case you're screwed anyhow but) then they can easily enable
> forwarding without attracting too much attention.

I guess you could argue that perhaps ipforwarding should be readonly
when the kernel security level is multiuser ?

Me: Ronald Khoo  Food: Roti Chanai  Drink: Tea, weak, milky without sugar
In Malaysia:  +60 3  241 5232  Computer Protocol Malaysia
In England:   +44 81 349 0063  Demon Internet Services