Subject: Re: making our tcp/ip a strong-end system
To: Andrew Brown
From: Perry E. Metzger
List: tech-net
Date: 11/13/1998 13:42:47

Andrew Brown writes:
> >> >Why not just enable each of the above and control it through packet
> >> >filter lists in IP Filter ?
> >> 
> >> yeah...but then the "generic" solution is replaced by a different set
> >> of filter rules for *everyone*
> >
> >This is an option. This isn't required. You don't have to activate the 
> >sysctl. Do you have a problem with people who want a particular piece
> >of code that doesn't impact you having that code?
> i know it's an option.  we've clashed over options before.  :)
> all i was saying is that somewhere...there might exist someone
> (perhaps some corporate mis weenie who knows almost nothing about next
> to everything but wants "security" with quotes) who wants a
> strong-ended system but is not qualified (or even competent enough) to
> compile the ipf stuff into his or her kernel, let alone write the
> necessary filter rules to effect such a system.  having little
> switches and dials and knobs makes things like this easier for end
> users.

Fine. So why were you saying we shouldn't put the code in?
