Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Roman Kennke <roman@...>
Subject: Re: firewall suggestions?
Date: 09 Jan 2004 10:30:32 +0100
> From the
> technical aspect not to answer to a request is not the right behaviour
> of a device conform to RFCs.

So far I followed this very interesting and insightful thread as an
observer, but here I must disagree. It's not about right or wrong,
everybody has to make its own descicion about whats right or wrong for
him. I respect both arguments: RFC-compliance is important, but some
admins are concerned about what packets are spewed out from their boxes
unwillingly. 

What about a compromise like this: In general allow RFC-compliant
traffic, but thightly control REJECTs and some ICMP traffic with --limit
and DROP the rest, this should help alot against DoS (if this is at all
possible with REJECTs).


Best regards, Roman



--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Frank Gruellich
References:
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Ben Cressey
Re: firewall suggestions?
-- Trevor Lauder
Re: firewall suggestions?
-- Frank Gruellich
Re: firewall suggestions?
-- Trevor Lauder
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: OT: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
ambre00@...
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.