Re: /proc/sys/net/* proliferation

Bryan Andregg (bandregg@redhat.com)
Sun, 14 Sep 1997 14:43:25 -0400


On 14 Sep 1997 19:13:18 +0200, Andi Kleen wrote:

>Note that RedHat conflicts with RFC1122 (host requirements) then:
>
>3.1 ....
> The host software MUST NOT automatically
> move into gateway mode if the host has more than one interface, as
> the operator of the machine may neither want to provide that
> service nor be competent to do so.
>
>
>Your default kernel does this. I wonder how many redhat based firewalls
>are insecure because of this ... . Please change it! I consider this
>as a major bug.
>
>Note that since 2.0.30 Linux has a ip_forward sysctl. The CONFIG_FORWARD
>option only sets the default.
>
>How about a /etc/sysconfig/ip-forwarding file in Thunderbird, that defaults
>to off? It should be easy to add an checkbox for this into netcfg and the
>install program.

I will mention this to Erik. I had seen the sysctl but had not researched this.
It is definitely worth making some kind of change for Thunderbird.

Although, I would prefer to see this added to /etc/sysconfig/network as
FORWARD=(yes|no)

--
                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"Donnie were much more 'user-friendly'. May be you selective about friends:-)" -- Levente Farkas

"Hey, wait a minute, you clowns are on dope!" -- Owen Cheese in 'Shakes the Clown'