Subject: Re: New IP filter code
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Perry E. Metzger <perry@piermont.com>
List: tech-kern
Date: 04/01/1997 19:13:46
Jonathan Stone writes:
> Perry E. Metzger <perry@piermont.com> writes:
> >> Having to explicitly turn ip_filter *on* is a bug, in some environments.
> 
> >Indeed. You don't want packets to leak during bootup.
> 
> Yes, that's exactly what I meant (I forgot to say so explicitly).
> Thanks for clarifying it.

I would suggest, btw, that "the right thing" is for machines with the
IP filter code built in to not route *anything* (let's not forget
source routes!) until the filtering has been properly established.

Perry