Randy B wrote:
> You provide no concrete reasoning for your speculations, and I think
> that you're wrong.
What speculation?
That networks are inherently based on interfaces, not IP subnets.
That the basis of networking is how specific machines'
interfaces are linked, be it at layer 2 or layer 7?
I say that if anti-spoofing is correctly implemented, then you can
happily further disregard anything related to interfaces.
You say that one can't - I don't understand you.
This kind of hand-waving really makes me itch for ad-hominem attacks,
but I'm going to thus far resist.
Aye?
Sorry.
No, I'm saying that any level of indirection is going to cover up edge
cases and make them impossible to deal with - this is the reality of
programming.
Ok, you may say that, and in principle I agree.
Except that it looks to me like a mathematical fact that if you do
anti-spoofing correctly, then there are per definition zero edge
cases.
Under the covers, regardless of what you think is happening,
some poor sod at CheckPoint has programmed some arguably
intelligent code that does its best to translate your intent
from the GUI into an interface-based ruleset.
So far, no one's been able to convince me that the poor sod hasn't done
a perfect job.
Clinically insane - I have the papers and take the medicine
:-D
It's [iptables] what I know and what I like, and has
all the edge cases I can possibly think of covered.
What are those edge cases, exactly?