Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: John Hawkinson <jhawk@panix.com>
From: Perry E. Metzger <perry@imsi.com>
List: current-users
Date: 12/14/1994 10:44:34
John Hawkinson says:
> Nevertheless, my previous comments still apply -- it is legal for a
> host to ignore non-local source routing, but NetBSD's current behavior
> of permitting it is legal as well (though optional per 1122), and,
> IMHO, desirable.

It would, IMHO, be best if hosts acting as firewalls didn't allow
source routing *through* them. I'm sick of having to hack this out of
kernels rather than having an option, and yes, its strictly necessary
if you are building an application level firewall. IMHO, if you don't
have ip forwarding on, you shouldn't forward packets, PERIOD.

Perry