Subject: Re: net.inet.tcp.log_refused??
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 05/27/1999 14:46:57
On Thu, May 27, 1999 at 10:38:28PM +1000, Darren Reed wrote:
> [...]
> Personally, I regard having a special kernel mod to do this as a joke
> although I can understand why someone would think it as appropriate
> and unless you're running on a Gigabit ethernet with a 386, do not
> see any value in arguing IP Filter is "too heavy" for the job.  If you
> were really concerned about speed, you'd use another box to snoop the
> traffic going to that one and strip it down to be a router only.

I was arguing more about the value of logging refused tcp (and udp as well :)
connections than about this particular implementation. If I really had to do
it, I probably would do it on my router with ipf rather than with syslog on each host.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--