From owner-freebsd-stable Mon Feb 4 15:57:18 2002 Delivered-To: freebsd-stable@freebsd.org Received: from marvin.nildram.co.uk (marvin.nildram.co.uk [195.112.4.71]) by hub.freebsd.org (Postfix) with SMTP id 73C2737B427 for ; Mon, 4 Feb 2002 15:57:13 -0800 (PST) Received: (qmail 6838 invoked from network); 4 Feb 2002 23:57:11 -0000 Received: from muttley.gotadsl.co.uk (HELO VicNBob) (213.208.123.26) by marvin.nildram.co.uk with SMTP; 4 Feb 2002 23:57:11 -0000 From: Matthew Whelan To: "Jacques A. Vidrine" , Ruslan Ermilov , Mike Tancsa Cc: stable@FreeBSD.ORG, Warner Losh Date: Mon, 04 Feb 2002 23:57:02 -0000 X-Priority: 3 (Normal) In-Reply-To: <5.1.0.14.0.20020204092437.050e66e0@marble.sentex.ca> Message-Id: Subject: Re: dropping 127.* on the floor MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Mailer: Opera 6.0 build 1010 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG 04/02/2002 14:29:08, Mike Tancsa wrote: >What if this were dealt as part of firewall rules ? i.e. GENERIC was built >by default with IPFIREWALL and firewall_enable="YES" and >firewall_type="OPEN" were set. That way the behavior that people have come >to rely on is still there for those that need it. Well, some way of forcing a strong endpoint model would definitely be nice. Aren't the problems with trying to do it in ipfw/ipf effectively the same as with ip_output.c though (namely that the destination address has been re- written before inspection)? Matthew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message