Hello world,

(cf Bug#104569)

RFC1812 says that Internet routers should have the ability to avoid source address spoofing (eg, sending something that appears to be from a private LAN address through your firewall's public internet connection), but must not enable it by default.

netbase provides such spoof protection, and enables it by default. It also disables IP forwarding by default, effectively putting Debian machines into the category of Internet host rather than Internet router, under the terms of RFC1812.

I'm strongly disinclined to change the default behaviour of netbase at all. I could conceivably change it so that it would ask if you wanted to be an Internet host or an Internet router, and change the policy to match the rfc on those grounds, but I'm disinclined to do that too: in most cases routers are specifically where you want the spoof protection most. OTOH, I'm also disinclined to deliberately break an rfc's "must not".

Thoughts?

Cheers,
aj

--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you do not understand, cannot perceive, or don't care about, is too much.''
  -- John S. Novak, III (The Humblest Man on the Net)