
Re: Required firewall support



On Sun, Mar 20, 2005 at 11:22:48AM -0600, Steve Greenland wrote:
> On 19-Mar-05, 10:00 (CST), Matthias Urlichs <smurf@smurf.noris.de> wrote: 
> > 
> > Umm, rp_filter is for rejecting packets whose *source* address is from the
> > wrong network.
> 
> Right. I know this. But what Joel was originally talking about was
> rejection of packets on interface A that are destined for an address on
> interface B; Joel seemed to be claiming that if this didn't happen by
> default, then the OS was a "toy"; I was pointing out that Linux itself
> fails this. 

Not precisely accurate; I claimed that having a way to *make it* a default
was a fairly important factor. Linux does fail it, which is part of why I
think the Linux network stack blows goats in a few ways (there are others,
not the topic of this conversation). Nor does it have to be on-by-default;
there are sane (to some views) reasons to have the Linux behavior, for
example, even if I don't agree with them as a default, but being able to
flip a switch so that it was the case would suffice.

Of course, since it has been claimed that the Hurd basically supports all
of the listed criteria anyway (or, at the very least, as many as Linux
does), I'm not sure why this thread is even still going. Either someone
cares enough to write (or adapt) the management tools and it gets included,
or they don't and it doesn't because nobody in their right mind would
deploy it in any widespread fashion.
-- 
Joel Aelwyn <fenton@debian.org>                                       ,''`.
                                                                     : :' :
                                                                     `. `'
                                                                       `-
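The two checks the thread distinguishes, as an added example that is not part of this mail or of any Linux or Hurd code: a small model of a two-interface host where the reverse-path filter judges a packet's *source* (the behaviour `rp_filter` actually gives you) and a strong-host rule judges its *destination* (the interface-A-to-interface-B rejection Joel wants a switch for). The interface names and addresses are constructed; only the sysctl name is real.

```python
from ipaddress import ip_address, ip_interface

# Constructed two-interface host (hypothetical names and addresses).
INTERFACES = {
    "eth0": ip_interface("192.0.2.10/24"),
    "eth1": ip_interface("198.51.100.10/24"),
}

def route_lookup(addr, interfaces):
    """Interface the host would use to reach addr: longest matching
    connected network, or None when there is no route at all."""
    best = None
    for name, iface in interfaces.items():
        if ip_address(addr) in iface.network and (
            best is None or iface.network.prefixlen > interfaces[best].network.prefixlen
        ):
            best = name
    return best

def rp_filter_ok(in_iface, src, interfaces):
    """Strict reverse-path filter (net.ipv4.conf.all.rp_filter=1):
    accept only if a reply to src would leave via the arrival interface."""
    return route_lookup(src, interfaces) == in_iface

def strong_host_ok(in_iface, dst, interfaces):
    """Strong host model: dst must be the address of the arrival interface.
    Linux's default (weak host model) skips this check entirely."""
    return interfaces[in_iface].ip == ip_address(dst)

def classify(in_iface, src, dst, rp_filter=True, strong_host=False,
             interfaces=INTERFACES):
    """Decide what the host does with a packet. The two checks are independent:
    rp_filter judges the source, the strong-host rule judges the destination."""
    if rp_filter and not rp_filter_ok(in_iface, src, interfaces):
        return "drop: rp_filter (source not routed via arrival interface)"
    if not any(ip_address(dst) == iface.ip for iface in interfaces.values()):
        return "not local: forwarding policy decides"
    if strong_host and not strong_host_ok(in_iface, dst, interfaces):
        return "drop: strong host (destination belongs to another interface)"
    return "accept"

if __name__ == "__main__":
    # Packet on eth0 for eth1's address: Linux default accepts, strong host drops.
    print(classify("eth0", "192.0.2.50", "198.51.100.10"))
    print(classify("eth0", "192.0.2.50", "198.51.100.10", strong_host=True))
```

Note that the third case in the tests (a source from eth1's network arriving on eth0) is the only one `rp_filter` catches; it says nothing about where the packet is going.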
