On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs <[email protected]> wrote: > So while I'm not advocating this is what should be done and I'm trying > to establish bounds to the scope of this feature, but would it be > reasonable to simply not log packets that were transiting this machine > without a local endpoint?
I'm still waiting on more detailed requirements information from Steve, but based on what we've heard so far, it seems that ignoring forwarded traffic is a reasonable thing to do. -- paul moore security @ redhat -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
