Subject: Re: making our tcp/ip a strong-end system
To: Todd Vierling <tv@pobox.com>
From: Perry E. Metzger <perry@piermont.com>
List: tech-net
Date: 11/12/1998 16:46:05

Todd Vierling writes:
> Then why not just use ipf and eliminate all of the workarounds of
> workarounds?

Having the kernel do the right thing by default would give you a nice
"belt and suspenders" security feel.

> 
> pass in quick on ne0 from any to 1.2.3.4
> block in quick on ne0 all
> pass in quick on ne1 from any to 4.3.2.1
> block in quick on ne1 all
> 
> And we're done.  (Did I miss something?)
> 
> -- 
> -- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)
>
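
The comparison discussed in this message, as an added example that is not part of the original thread: a simplified Python model of the quoted ruleset next to a kernel-style strong end system check (accept a packet only if its destination address is configured on the receiving interface). The address-to-interface mapping, the sample packets, the `ne2` interface, and the pass-by-default behaviour when no rule matches are assumptions; broadcast and multicast are ignored.

```python
# Added illustration: a simplified model of first-match "quick" filtering,
# not ipf itself. Interfaces and addresses are those in the quoted ruleset.
RULES = """\
pass in quick on ne0 from any to 1.2.3.4
block in quick on ne0 all
pass in quick on ne1 from any to 4.3.2.1
block in quick on ne1 all
"""

# Assumed address assignment implied by the ruleset (constructed).
IFADDRS = {"ne0": {"1.2.3.4"}, "ne1": {"4.3.2.1"}}

# Constructed packets: (receiving interface, destination address).
# ne2 is a hypothetical interface added later without updating the rules.
PACKETS = [("ne0", "1.2.3.4"), ("ne0", "4.3.2.1"), ("ne1", "4.3.2.1"),
           ("ne1", "1.2.3.4"), ("ne2", "1.2.3.4")]

def parse(text):
    """Parse the small subset of rule syntax used above into (action, iface, dst)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[1:4] != ["in", "quick", "on"]:
            raise ValueError("unsupported rule: " + line)
        action, iface, rest = tok[0], tok[4], tok[5:]
        if rest == ["all"]:
            dst = None                      # matches any destination
        elif len(rest) == 4 and rest[:3] == ["from", "any", "to"]:
            dst = rest[3]
        else:
            raise ValueError("unsupported rule: " + line)
        rules.append((action, iface, dst))
    return rules

def filter_verdict(rules, iface, dst, default="pass"):
    """The first matching 'quick' rule decides; otherwise the assumed default applies."""
    for action, r_if, r_dst in rules:
        if r_if == iface and r_dst in (None, dst):
            return action
    return default

def strong_es_verdict(ifaddrs, iface, dst):
    """Strong end system check: dst must be configured on the receiving interface."""
    return "pass" if dst in ifaddrs.get(iface, ()) else "block"

def compare():
    """Return (iface, dst, filter verdict, strong-ES verdict) for each sample packet."""
    rules = parse(RULES)
    return [(i, d, filter_verdict(rules, i, d), strong_es_verdict(IFADDRS, i, d))
            for i, d in PACKETS]
```

The two checks agree on `ne0` and `ne1`; they differ only for the interface the ruleset does not mention, where the filter model falls through to its default while the per-interface address check still drops the packet.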