Hi,

(Please Cc: any subsequent reply to the public [email protected] ML.)

> It seems that the default policy should always be DENY, rather
> than ACCEPT.

The filter table policies are set to DROP, so let's assume you're
talking of the nat table.

If we'd set the nat table policies to DROP, we would have to
duplicate all our white-list rules from the filter table to the
nat table, which means more maintenance work, so unless we're
shown practical issues that are created by leaving the current
ACCEPT policies in the nat table, I doubt we'll change this.


-- 

Attachment: pgpIw6whUAJ4p.pgp
Description: PGP signature

_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev

Reply via email to