Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

[Hal Murray]

Nice.   Thanks.

mark.atwood at ntpsec.org said:
> There are a couple of different but very similar angles of approach to
> explain why a network security experts will not trust a userspace daemon to
> control it's own defensive packet filtering. 

My reading of Eric's concerns is that he doesn't want to remove a feature 
that somebody is (or might be) using.

We can describe removing this feature as a security feature.  If you need 
filtering, you should do it right.  Removing our filters would be a push in 
that direction.


-- 
These are my opinions.  I hate spam.