Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)
rlaager at wiktel.com
Tue May 29 20:33:16 UTC 2018
On 05/29/2018 03:32 PM, Jason Azze via devel wrote:
> I'd be pretty pissed off if, let's say, the Postfix or MySQL people took this attitude. That's why I think I'm misunderstanding.
FWIW, I agree. It's perfectly reasonable to list the interfaces to
listen() or bind() to or whatever the call is.
That's different from doing per-packet filtering, which I agree should
be done in the kernel, not each daemon.
More information about the devel