Subject: Re: making our tcp/ip a strong-end system
To: Perry E. Metzger <perry@piermont.com>
From: Matthias Scheler <tron@lyssa.owl.de>
List: tech-net
Date: 11/12/1998 22:49:32
On Thu, Nov 12, 1998 at 04:46:05PM -0500, Perry E. Metzger wrote:
> > Then why not just use ipf and eliminate all of the workarounds of
> > workarounds?
>
> Having the kernel do the right thing by default would give you a nice
> "belt and suspenders" security feel.
But it is NOT the right thing. It might be correct in such special firewall
environments. But in a normal network with dynamic routing and systems with
multiple interfaces it will cause severe problems.
And for the firewall situations Todd's IPF rules are enough.
--
Matthias Scheler http://home.owl.de/~tron/