Darren Reed wrote:
Mike Ditto wrote:
Dave Miner wrote On 03/07/06 08:22,:
[about enabling/disabling whether IPFilter filters loopback traffic]
- it should be easy for the user to make this selection in the context
of other tasks they'd be doing to configure the filtering feature. It
should be part of what they'd normally do to set other aspects of
filtering policy.
Absolutely. Ideally, this parameter setting should be considered part
of the rule set and should be stored in the same file. A set of rules
is always written with a particular expectation of this setting and it
would be wrong to execute it with the wrong setting because it would
not have the intended effect.
But that doesn't mean it's easy to add such a notation to the rule file
format in a compatible way.
My preference is to divide describing the security policy (filter rules)
from system or filter configuration.
This may be a reasonable position. The issue, to me, is that I think
the loopback filtering is part of the former, not the latter.
Dave
_______________________________________________
networking-discuss mailing list
[email protected]
