Interface cleanup (was seccomp)
Eric S. Raymond
esr at thyrsus.com
Sun May 14 01:59:06 UTC 2017
Hal Murray <hmurray at megapathdsl.net>:
> Is the interface cleanup (still) on your list? If so, where is your list
> and/or how do I find more info on why it didn't work?
It is not on my list - not since we found out that the pro-grade admin tools
like Puppy all assume that filtering by interface is possible. That suggested
strongly that we'd piss off a substantial group of admins if we didn't support
it. Or, maybe it would be better to say we couldn't bound the risk.
> I think the current syntax for setting up the filters is based on interfaces.
> Is that necessary? Can we get something that is close enough without using
> interfaces?
I don't know what "close enough" is, in this context.
> How do people use filtering? ...
>
> If I want to accept or reject 1.2.3.0/24, why does it matter which interface
> it comes in on? The case I can think of would be a router where it could
> come in on the wrong interface but you might want to reject them as
> forgeries. But does a user program see them arrive on the wrong interface or
> do they get routed internally and come in on the "right" interface?
I don't know. And because I don't, I am *extremely* wary of breaking
features people might be relying on.
--
Eric S. Raymond <http://www.catb.org/~esr/>
Please consider contributing to my Patreon page at https://www.patreon.com/esr
so I can keep the invisible wheels of the Internet turning. Give generously -
the civilization you save might be your own.