Re: pf(4) schemantics

On Fri, Mar 21, 2003 at 12:50:43PM +0100, Henning Brauer wrote:
> I'm close to giving up on you wrt to that. Somehow it seems you don't _want_
> to see why the filtering outbound on an interface is so important. I gave a
> very good example why that is absolutely needed.
Bla, bla, since traffic can originate from the firewall itself. In a lot of
cases, it doesn't, though.
> it would be "keep state on { interface-list }", to make that clear.
> I don't like the idea too much. I see _very_ little gain, but enough pain.
> I mean, it's not new. We talked about that during c2k2. That is a year ago
> soon. If that idea had been so good we would have added it already, no? ;-)
I'm sure you guys will make the right judgement. I'm just tossing ideas