Subject: Re: CVS commit: src/sys/kern
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 09/11/2006 02:21:06
On Mon, Sep 11, 2006 at 03:13:04PM +0900, YAMAMOTO Takashi wrote:
> 
>>> - i don't think it's so relevant.
>>> - i don't think IPFILTER_DEFAULT_BLOCK option is a great idea.
>>> - iirc, ipfilter has a global knob to enable it.
>>
>> How is this supposed to work?  The point of IPFILTER_DEFAULT_BLOCK is
>> protect your system from, for example, inappropriate packet handling
>> or routing over autoconfigured network interfaces (or interfaces
>> configured by the kernel as part of the boot process) *before* any
>> user code runs.
>> 
>> What, exactly, is supposed to turn this knob?
> 
> you can enable it at some point after listeners are loaded.
> or you can make it automatically enabled when the first listener in
> the system is loaded.  (maybe the latter works only if you load
> a set of listeners as a "secure model".)

Let's stick to the example of IP Filter.  In the case of IP Filter,
how would the specific counterexamples I pointed out be accommodated?

For a firewall, leaking packets ever, at all, is bad.

Thor