Interface cleanup (was seccomp)

Hal Murray hmurray at megapathdsl.net
Sat May 13 23:12:00 UTC 2017


Eric said:
> The way I wanted to fix this was by going to a simpler socket-IO design in
> which everything is done through wildcard interfaces.  That plan got shot
> down by the requirement to support per-interface filtering rules. 

Is the interface cleanup (still) on your list?  If so, where is your list 
and/or how do I find more info on why it didn't work?

I think the current syntax for setting up the filters is based on interfaces. 
 Is that necessary?  Can we get something that is close enough without using 
interfaces?

How do people use filtering? ...

If I want to accept or reject 1.2.3.0/24, why does it matter which interface 
it comes in on?  The case I can think of would be a router where it could 
come in on the wrong interface but you might want to reject them as 
forgeries.  But does a user program see them arrive on the wrong interface or 
do they get routed internally and come in on the "right" interface?


-- 
These are my opinions.  I hate spam.




