Re: /proc/sys/net/* proliferation

Bryan Andregg (bandregg@redhat.com)
Sun, 14 Sep 1997 14:11:02 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephen Williams: "pciconfig_write?!"
Previous message: Horst von Brand: "pre-2.1.56: Straighten out llseek()'s arguments in fs/dquot.c"
Maybe in reply to: Richard Gooch: "/proc/sys/net/* proliferation"
Next in thread: Bryan Andregg: "Re: /proc/sys/net/* proliferation"

On Sun, 14 Sep 1997 18:58:51 +0100 (BST), Alan Cox wrote:

>> >RFC1122 does indeed require that a system is a host by default and routing
>> >must be switched on. In 2.1.x this problem goes away (its a sysctl), in
>> >2.0.x a vendor could always ship a seperate kernel
>> >
>>
>> So then would an appropriate solution also be to ship with forwarding on (in
> the
>> kernel) but the forwarding policy set to 'reject.' This would require an
>> enabling command then.
>
>The kernel then ignores ICMP redirect messages as its a router with firewalls
>not a host.
>

hmm, then perhaps two different kernels would be a good idea. I wonder how hard
it would be to beat Erik into doing this. :)

-- Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"Donnie were much more 'user-friendly'. May be you selective about friends:-)" -- Levente Farkas

"Hey, wait a minute, you clowns are on dope!" -- Owen Cheese in 'Shakes the Clown'

Next message: Stephen Williams: "pciconfig_write?!"
Previous message: Horst von Brand: "pre-2.1.56: Straighten out llseek()'s arguments in fs/dquot.c"
Maybe in reply to: Richard Gooch: "/proc/sys/net/* proliferation"
Next in thread: Bryan Andregg: "Re: /proc/sys/net/* proliferation"