Subject: Re: making our tcp/ip a strong-end system
To: None <perry@piermont.com>
From: Stefan Grefen <grefen@hprc.tandem.com>
List: tech-net
Date: 11/13/1998 10:39:25
In message <199811122243.RAA27635@jekyll.piermont.com> "Perry E. Metzger" wrote:
>
> Matthias Scheler writes:
> > On Thu, Nov 12, 1998 at 04:46:05PM -0500, Perry E. Metzger wrote:
> > > > Then why not just use ipf and eliminate all of the workarounds of
> > > > workarounds?
> > >
> > > Having the kernel do the right thing by default would give you a nice
> > > "belt and suspenders" security feel.
> >
> > But it is NOT the right thing. It might be correct in such special firewall
> > environments.
>
> And I don't think anyone was proposing doing anything but making it an
> option.
>
> > And for the firewall situations Todd's IPF rules are enough.
>
> No they aren't. I prefer much stronger solutions than that. I could
> explain this to you in detail offline.

I think Todd's rules are not weaker than the proposal. I also do prefer
much stronger solutions, but this feature buys nothing that ipf can't handle
too, and for a stronger solution you need ipf at the moment too.

Stefan

>
> Perry
--
Stefan Grefen Tandem Computers Europe Inc.
grefen@hprc.tandem.com High Performance Research Center
--- Hacking's just another word for nothing left to kludge. ---