Hi, With the current firewall, a spoofed packet can travel all the way to the ip/ip6 hook, where it is dropped.
Considering the general security principle to stop attacks as far as possible, why is it not dropped early in the ingress hook instead, thus also saving additional CPU cycles? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20240422192630.23688afe%40localhost.
