Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

[Hal Murray]

kurt at roeckx.be said:
> Do we only have 1/2 socket by default, or do we still have a listen socket
> per interface / ip address? 

The current code has a socket per interface and a wildcard socket.

It also has another pile of (ugly) code to watch the interfaces and create a 
new socket when an interface appears and remove a socket and associated 
connections when an interface goes away.

There should potentially be similar code to track routing changes.


-- 
These are my opinions.  I hate spam.