Date: Thu, 20 Dec 2001 00:50:39 +0300 From: Yar Tikhiy <yar@FreeBSD.ORG> To: Wilko Bulte <wkb@freebie.xs4all.nl> Cc: Maxim Konovalov <maxim@macomnet.ru>, net@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: Processing IP options reveals IPSTEALH router Message-ID: <20011220005038.B52848@comp.chem.msu.su> In-Reply-To: <20011219223242.B4906@freebie.xs4all.nl>; from wkb@freebie.xs4all.nl on Wed, Dec 19, 2001 at 10:32:42PM %2B0100 References: <20011219181929.A20425@comp.chem.msu.su> <20011219190533.W57795-100000@news1.macomnet.ru> <20011219223242.B4906@freebie.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 19, 2001 at 10:32:42PM +0100, Wilko Bulte wrote: > > > > First of all we should decide what IPSTEALTH is for. Is it just a > > Ruslan's net.inet.ip.decttl or it should really stealth the fact of > > the routing? If the latter how do we behave in source routing case? > > I would assume IPSTEALTH is thought to be for firewalls. Allowing > source routing thru firewalls is a Bad Thing(TM) anyway, right? Source routing itself is a Bad Thing, as is TELNET or rlogin. However, this isn't a reason strong enough to drop all such stuff from FreeBSD completely. That's why we're trying to consider every possible case. IMHO increasing the number of "FOO is incompatible with BAR" situations is no good. -- Yar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011220005038.B52848>