Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

Hal Murray hmurray at megapathdsl.net
Tue May 29 17:46:13 UTC 2018

Nice.   Thanks.

mark.atwood at ntpsec.org said:
> There are a couple of different but very similar angles of approach to
> explain why a network security experts will not trust a userspace daemon to
> control it's own defensive packet filtering. 

My reading of Eric's concerns is that he doesn't want to remove a feature 
that somebody is (or might be) using.

We can describe removing this feature as a security feature.  If you need 
filtering, you should do it right.  Removing our filters would be a push in 
that direction.

These are my opinions.  I hate spam.

More information about the devel mailing list