Why admins do not trust daemons to do their own packet filtering
Hal Murray
hmurray at megapathdsl.net
Tue May 29 19:29:12 UTC 2018
> We could kill the interface command, and let the usual syntax error happen.
> Or we could raise a special syntax error, calling out the need to use the
> packet filter instead. Then the question becomes, is it a warn-and-continue,
> or an error-and-halt?
Error and halt. (or set a flag to halt after the rest of the parsing)
This is a security issue. We don't want to let evil packets in.
--
These are my opinions. I hate spam.