Since I raised one of the first objections, let me be one of the first
to repent!  :)

A lot of potentially good ideas has been batted around in the last few
days, like making this a per-interface and/or per-address option, or
just using ipf, I think it has become pretty obvious that no one single
solution can fit everyone.

So, as long as this is an OPTION and is Disabled by default, I can't see
any reason why Luke shouldn't just go ahead and commit the changes.
Some of the more esoteric variants can be added later, if someone with
the need can find the time to implement them.

On Fri, 13 Nov 1998, Perry E. Metzger wrote:

> 
> Andrew Brown writes:
> > >Why not just enable each of the above and control it through packet
> > >filter lists in IP Filter ?
> > 
> > yeah...but then the "generic" solution is replaced by a different set
> > of filter rules for *everyone*
> 
> This is an option. This isn't required. You don't have to activate the 
> sysctl. Do you have a problem with people who want a particular piece
> of code that doesn't impact you having that code?
> 
> Perry
> 

-----------------------------------------------------------------------------
| Paul Goyette      | PGP DSS Key fingerprint:   | E-mail addresses:        |
| Network Engineer  |   BCD7 5301 9513 58A6 0DBC |  paul@whooppee.com       |
| and kernel hacker |   91EB ADB1 A280 3B79 9221 |  paul.goyette@ascend.com |
-----------------------------------------------------------------------------