Why admin's do not trust daemons to do their own packet filtering
hmurray at megapathdsl.net
Tue May 29 19:29:12 UTC 2018
> We could kill the interface command, and let the usual syntax error happen.
> Or we could raise a special syntax error, calling out the need to use the
> packet filter instead. Then the question becomes, is it a warn-and-continue,
> or a error-and-halt?
Error and halt. (or set a flag to halt after the rest of the parsing)
This is a security issue. We don't want to let evil packets in.
These are my opinions. I hate spam.
More information about the devel