Gentoo Archives: gentoo-security

From: Roman Kennke <roman@××××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 09:37:18
Message-Id: 1073640632.485.17.camel@moonlight
1 > From the
2 > technical aspect not to answer to a request is not the right behaviour
3 > of a device conform to RFCs.
4
5 So far I followed this very interesting and insightful thread as an
6 observer, but here I must disagree. It's not about right or wrong,
7 everybody has to make its own descicion about whats right or wrong for
8 him. I respect both arguments: RFC-compliance is important, but some
9 admins are concerned about what packets are spewed out from their boxes
10 unwillingly.
11
12 What about a compromise like this: In general allow RFC-compliant
13 traffic, but thightly control REJECTs and some ICMP traffic with --limit
14 and DROP the rest, this should help alot against DoS (if this is at all
15 possible with REJECTs).
16
17
18 Best regards, Roman
19
20
21
22 --
23 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Frank Gruellich <frank@××××××××××××.org>