Subject: Re: making our tcp/ip a strong-end system
To: None <lukem@goanna.cs.rmit.edu.au>
From: Perry E. Metzger <perry@piermont.com>
List: tech-net
Date: 11/13/1998 13:07:28
Luke;
Screw the peanut gallery. Please add your option. If they don't want
to use it, they don't have to use it. You and I both want it. Put it
in.
Perry
Darren Reed writes:
>
> Geez, lets look at other sysctl's which can be replaced with IP Filter:
>
> net.inet.ip.directed-broadcast
> net.inet.ip.forwsrcrt
> net.inet.ip.allowsrcrt
> net.inet.ip.redirect
> net.inet.ip.forwarding
> net.inet.icmp.maskrepl
>
> Why not just enable each of the above and control it through packet
> filter lists in IP Filter ?
>
> The sysctl Luke is proposing is a "simple" switch that has benefits
> other than security.
>
> Darren