Re: hotmail not dealing with ECN

Bernd Eckenfels (inka-user@lina.inka.de)
Sat, 27 Jan 2001 19:55:39 +0100


In article <3A713B3F.24AC9C35@idb.hist.no> you wrote:
>> Think of yourself as a firewall author now. You come across this, and
>> go, "these bits aren't used now; this means no one should be setting
>> them. I have no guarantee that anything in the future isn't going to use
>> these bits for something that isn't going to override the security of my
>> system."

> So, no reason for a firewall author to check these bits.

Read it again.

Firewalls must drop data which is violating the protocol, and in addition to
that they must even drop data which is not violating the protocol but is
suspected of triggering errors at the receiver side. And reserved bits are
clearly a thing you, as a firewall vendor, will block as long as you aren't
sure that the computers you want to secure don't break.

A good example is valid (according to the protocol) chars in email addresses
like '!'. Even if it is perfectly valid you will not consider a firewall to
pass it, or?

Well, of course the best solution would be to make this configurable, but I
guess that's a problem with recent commercial firewalls, they promise PnP
security and don't want to confuse the users with too many settings.

After all it is a good idea to leave some decisions to educated professionals
rather than to normal firewall admins.

Greetings
Bernd
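
The configurable reserved-bit check discussed in this message, as an added example that is not part of the original post or of any firewall product. The policy names, function names and sample headers are hypothetical and constructed for illustration; the bit positions follow RFC 793 and RFC 3168.

```python
import struct

# TCP header bytes 12-13 as one 16-bit field: 4-bit data offset,
# 6 bits reserved by RFC 793, then URG/ACK/PSH/RST/SYN/FIN.
RFC793_RESERVED = 0x0FC0  # all six originally reserved bits
ECN_BITS = 0x00C0         # CWR (0x80) and ECE (0x40), assigned by RFC 3168
STILL_RESERVED = RFC793_RESERVED & ~ECN_BITS  # 0x0F00, treated as reserved here

# Hypothetical policy names: each maps to the mask of bits that must be zero.
POLICIES = {
    "strict-rfc793": RFC793_RESERVED,  # pre-ECN view: any of the six bits is rejected
    "ecn-aware": STILL_RESERVED,       # accept CWR/ECE, still reject the rest
    "permissive": 0,                   # never reject on reserved bits
}

def check_tcp_header(header: bytes, policy: str = "ecn-aware"):
    """Return (verdict, reason) for a raw TCP header under the named policy."""
    if len(header) < 20:
        return "drop", "truncated header"
    (off_flags,) = struct.unpack_from("!H", header, 12)
    if (off_flags >> 12) < 5:
        return "drop", "data offset below minimum"
    offending = off_flags & POLICIES[policy]
    if offending:
        return "drop", f"reserved bits set: 0x{offending:04x}"
    return "pass", "ok"

def build_header(flags: int, reserved_nibble: int = 0) -> bytes:
    """Constructed sample: 20-byte TCP header, source port 40000 to port 25."""
    off_flags = (5 << 12) | (reserved_nibble << 8) | flags
    return struct.pack("!HHIIHHHH", 40000, 25, 1, 0, off_flags, 65535, 0, 0)

PLAIN_SYN = build_header(0x02)
ECN_SYN = build_header(0x02 | 0x40 | 0x80)  # ECN-setup SYN: SYN + ECE + CWR
ODD_SYN = build_header(0x02, reserved_nibble=0x4)

if __name__ == "__main__":
    for name, hdr in (("plain", PLAIN_SYN), ("ecn", ECN_SYN), ("odd", ODD_SYN)):
        for policy in POLICIES:
            print(name, policy, check_tcp_header(hdr, policy))
```

Under the strict policy the ECN-setup SYN is dropped while the plain SYN passes; the ECN-aware policy accepts both and still rejects the header with an unassigned bit set.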