Subject: Re: making our tcp/ip a strong-end system
To: Matthias Scheler <tron@lyssa.owl.de>
From: Perry E. Metzger <perry@piermont.com>
List: tech-net
Date: 11/12/1998 17:43:17

Matthias Scheler writes:
> On Thu, Nov 12, 1998 at 04:46:05PM -0500, Perry E. Metzger wrote:
> > > Then why not just use ipf and eliminate all of the workarounds of
> > > workarounds?
> > 
> > Having the kernel do the right thing by default would give you a nice
> > "belt and suspenders" security feel.
> 
> But it is NOT the right thing. It might be correct in such special firewall
> environments.

And I don't think anyone was proposing doing anything but making it an 
option.

> And for the firewall situations Todd's IPF rules are enough.

No they aren't. I prefer much stronger solutions than that. I could
explain this to you in detail offline.

Perry