Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Frank Gruellich <frank@...>
Subject: Re: firewall suggestions?
Date: Fri, 9 Jan 2004 11:42:00 +0100
* Roman Kennke <roman@...>  9. Jan 04
> > From the technical aspect not to answer to a request is not the
> > right behaviour of a device conform to RFCs.
> What about a compromise like this: In general allow RFC-compliant
> traffic, but thightly control REJECTs and some ICMP traffic with --limit
> and DROP the rest, this should help alot against DoS (if this is at all
> possible with REJECTs).

You get my full acknowledge for this.  More general I would restate,
that you MUST[1] behave conform to RFCs as long as your communication
partner does.  If (s)he offends standards (say: repetitive ignoring ICMP
errors) you MAY[1] leave standards for this host, too.

Can we reach this agreement?
 Regards, Frank.
===footnote===
[1] in the way another RFC defines this word
-- 
Sigmentation fault

--
gentoo-security@g.o mailing list

References:
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Ben Cressey
Re: firewall suggestions?
-- Trevor Lauder
Re: firewall suggestions?
-- Frank Gruellich
Re: firewall suggestions?
-- Trevor Lauder
Re: firewall suggestions?
-- Roman Kennke
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
grSecurity Information
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.