
Re: secure installation



On Thu, Aug 16, 2007 at 02:54:16PM +0200, Izak Burger wrote:
> > does it not cover the case of packets arriving at eth0 spoofed as
> > from 127.0.0.1 ?
> 
> Right you are, that slipped my mind.

I asked because I don't remember and I really can't be bothered to
check. These things are tricky and life is short.

> I seem to recall that earlier versions of Debian had rp_filter default
> to 1 (I see sarge still has this, you set spoofprotect=yes in
> /etc/network/options, and afaik it defaults to yes).
> 
> I agree with the rest of the sentiment on the list though.  I like
> lean installs.  I like to use a product called "firehol" to build my
> (admittedly very simple) firewalls, but I will never advocate that it
> be installed by default.  I'd absolutely hate it if someone forced me
> to install shorewall because they think I need to be protected from
> myself.  I think that is what most people are trying to say.

All I'm saying is, would it be possible to have a single simple
option that users could *elect* to take, that wasn't the default,
that wasn't bending anyone's life out of shape, marked "Novice User"
or something :-)

Regards,
Paddy


