Date: Thu, 6 May 2004 15:42:43 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: "David W. Chapman Jr." <dwcjr@inethouston.net> Cc: Andre Oppermann <andre@freebsd.org> Subject: Re: Default behaviour of IP Options processing Message-ID: <Pine.BSF.4.21.0405061542170.82978-100000@InterJet.elischer.org> In-Reply-To: <20040506223545.GA61873@minubian.inethouston.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 May 2004, David W. Chapman Jr. wrote: > > We are using RR option all the time to track down routing asymmetry > > and traceroute is not an option, ping -R is very useful in that cases. > > We all know that ipfw (and I am sure all other *pf*) is able to > > process ip opts quite well and personally see no point in this > > sysctls. I fail to see a documentation update (inet.4 ?) as well. > > > > It is not clear for me why you ever ask for opinions after commit not > > before. Strick "nay" if you care :-) > > He hasn't changed the default yet. But I think for the select few > who actually use such tcp options, they can enable it. Most of the > users however will not need this. I think the point that is trying > to be made is that they want the default installation to be more > secure and those who need these features can simply turn them on. what security problem are you expecting? > > -- > David W. Chapman Jr. > dwcjr@inethouston.net Raintree Network Services, Inc. <www.inethouston.net> > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0405061542170.82978-100000>