Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: John Hawkinson <jhawk@panix.com>
From: George Michaelson <G.Michaelson@cc.uq.oz.au>
List: current-users
Date: 12/14/1994 16:36:39
John, if the box is specifically intended to be a firewall and will
be using proxy at application level to permit flow-through, why would
LSR be desirable?
Surely a firewall should deny traceroute probes? You'd definitely want
to permit firewalls to prevent knowledge of internal network structure
to leak, and assuming a true router with IP/ICMP filtering is available
might not always be viable.
That said, I am all for RFC compliance in the general case, and let
them who have need of non-standard behaviour work to achieve it. If
there is a sensible #ifdef clause that could go into ip_input.c and
matching comments in GENERIC config about when you'd want it, that
would be a suitable ball-peen hammer for me.
-George