Re: hotmail not dealing with ECN

Gregory Maxwell (greg@linuxpower.cx)
Sat, 27 Jan 2001 19:11:59 -0500


On Sat, Jan 27, 2001 at 11:09:27PM +0000, James Sutherland wrote:
> On Sat, 27 Jan 2001, David Schwartz wrote:
>
> >
> > > Firewalling should be implemented on the hosts, perhaps with centralized
> > > policy management. In such a situation, there would be no reason to filter
> > > on funny IP options.
> >
> > That's madness. If you have to implement your firewalling on every host,
> > what do you do when someone wants to run a new OS? Forbid it?
>
> Of course. Then you find out about some new problem you want to block, so
> you spend the next week reconfiguring a dozen different OS firewalling
> systems. Hrm... I'll stick with a proper firewall, TYVM!

It's this kind of ignorance that makes the internet a less secure and stable
place.

The network should not be a stateful device. If you need stateful
firewalling, the only place it should be implemented is on the end node. If
management of that is a problem, then make an interface solve that problem
instead of breaking the damn network.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/