Gentoo Archives: gentoo-security

From: Frank Gruellich <frank@××××××××××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 10:46:08
Message-Id: 20040109104200.GA4413@home.manuelm.org
In Reply to: Re: [gentoo-security] firewall suggestions? by Roman Kennke
* Roman Kennke <roman@××××××××××××.com> 9. Jan 04
> > From the technical aspect not to answer to a request is not the
> > right behaviour of a device conform to RFCs.
> What about a compromise like this: In general allow RFC-compliant
> traffic, but tightly control REJECTs and some ICMP traffic with --limit
> and DROP the rest, this should help a lot against DoS (if this is at all
> possible with REJECTs).

You get my full acknowledgement for this. More generally I would restate
that you MUST[1] behave conform to RFCs as long as your communication
partner does. If (s)he offends standards (say: repeatedly ignoring ICMP
errors) you MAY[1] leave standards for this host, too.

Can we reach this agreement?
Regards, Frank.
===footnote===
[1] in the way another RFC defines this word
--
Sigmentation fault

--
gentoo-security@g.o mailing list
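
The compromise discussed in this message, modelled as an added example that is not part of the original thread: a simplified token bucket in the style of the iptables `limit` match decides which packets to a closed port get a REJECT and which fall through to DROP. The rule pair in the comment, the rate of 10/second and the burst of 20 are assumptions chosen for illustration.

```python
# Rules being modelled (constructed; rate and burst values are assumptions):
#   iptables -A INPUT -m limit --limit 10/second --limit-burst 20 -j REJECT
#   iptables -A INPUT -j DROP


class LimitMatch:
    """Simplified token bucket in the style of the iptables limit match."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = float(burst)  # the bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_packets(arrival_times, rate_per_sec=10, burst=20):
    """Return (rejected, dropped) counts for packets sent to a closed port."""
    limit = LimitMatch(rate_per_sec, burst)
    rejected = dropped = 0
    for t in arrival_times:
        if limit.matches(t):
            rejected += 1  # first rule: answer with an ICMP error
        else:
            dropped += 1   # second rule: stay silent
    return rejected, dropped


def arrivals(pps, seconds):
    """Constructed sample input: evenly spaced arrivals at pps for seconds."""
    return [i / pps for i in range(pps * seconds)]


if __name__ == "__main__":
    # A peer probing once per second always receives its REJECT.
    print("polite:", filter_packets(arrivals(1, 30)))
    # A 5000 pps flood for 10 s is answered at most burst + rate * time times.
    print("flood: ", filter_packets(arrivals(5000, 10)))
```

The number of ICMP errors the host emits is bounded by the burst plus the rate times the duration, regardless of how fast the flood arrives, while a peer that stays under the rate sees RFC-conformant behaviour.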