Gentoo Archives: gentoo-security

From: Roman Kennke <roman@××××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 09:37:18
Message-Id: 1073640632.485.17.camel@moonlight

> From the technical aspect not to answer to a request is not the right behaviour
> of a device conforming to RFCs.

So far I followed this very interesting and insightful thread as an observer, but here I must disagree. It's not about right or wrong; everybody has to make his own decision about what's right or wrong for him. I respect both arguments: RFC-compliance is important, but some admins are concerned about what packets are spewed out from their boxes unwillingly.

What about a compromise like this: In general allow RFC-compliant traffic, but tightly control REJECTs and some ICMP traffic with --limit and DROP the rest. This should help a lot against DoS (if this is at all possible with REJECTs).

Best regards, Roman

--
gentoo-security@g.o mailing list
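
The compromise proposed in the message above, written out as an added example in iptables-restore format (it is not part of the original post). The rates, burst sizes, default policies and the absence of any offered services are assumptions chosen for illustration.

```iptables
# Added example: constructed ruleset, load with `iptables-restore < file`.
# All rates and burst sizes are illustrative assumptions, not values from the thread.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback and replies to connections this host opened, including
# ICMP errors that conntrack classifies as RELATED.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP

# Services this host offers would be accepted here (none assumed).

# Answer pings, but only up to a bounded rate.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT

# RFC-style refusals for closed ports, rate-limited so that a flood
# cannot make this host emit an unbounded stream of RSTs or ICMP errors.
-A INPUT -p tcp -m limit --limit 10/second --limit-burst 20 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m limit --limit 10/second --limit-burst 20 -j REJECT --reject-with icmp-port-unreachable

# Everything over the limits, and anything else, is dropped silently.
-A INPUT -j DROP
COMMIT
```

The `limit` match keeps one token bucket per rule, shared by all sources, so a single noisy host can use up the REJECT budget and everyone else is then silently dropped until the bucket refills. The `hashlimit` match keeps a separate bucket per source address if that matters.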

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Frank Gruellich <frank@××××××××××××.org>