Date: Mon, 04 Feb 2002 23:57:02 -0000 From: Matthew Whelan <muttley@gotadsl.co.uk> To: "Jacques A. Vidrine" <n@nectar.cc>, Ruslan Ermilov <ru@FreeBSD.ORG>, Mike Tancsa <mike@sentex.net> Cc: stable@FreeBSD.ORG, Warner Losh <imp@FreeBSD.ORG> Subject: Re: dropping 127.* on the floor Message-ID: <KZWJE3VPJ5651WYXA7E0IH3ZLFOLI.3c5f1fce@VicNBob> In-Reply-To: <5.1.0.14.0.20020204092437.050e66e0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
04/02/2002 14:29:08, Mike Tancsa <mike@sentex.net> wrote: >What if this were dealt as part of firewall rules ? i.e. GENERIC was built >by default with IPFIREWALL and firewall_enable="YES" and >firewall_type="OPEN" were set. That way the behavior that people have come >to rely on is still there for those that need it. Well, some way of forcing a strong endpoint model would definitely be nice. Aren't the problems with trying to do it in ipfw/ipf effectively the same as with ip_output.c though (namely that the destination address has been re- written before inspection)? Matthew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?KZWJE3VPJ5651WYXA7E0IH3ZLFOLI.3c5f1fce>