Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)
hmurray at megapathdsl.net
Tue May 29 17:46:13 UTC 2018
mark.atwood at ntpsec.org said:
> There are a couple of different but very similar angles of approach to
> explain why a network security experts will not trust a userspace daemon to
> control it's own defensive packet filtering.
My reading of Eric's concerns is that he doesn't want to remove a feature
that somebody is (or might be) using.
We can describe removing this feature as a security feature. If you need
filtering, you should do it right. Removing our filters would be a push in
These are my opinions. I hate spam.
More information about the devel