Why admins do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

Richard Laager rlaager at wiktel.com
Tue May 29 20:33:16 UTC 2018


On 05/29/2018 03:32 PM, Jason Azze via devel wrote:
> I'd be pretty pissed off if, let's say, the Postfix or MySQL people took this attitude. That's why I think I'm misunderstanding. 

FWIW, I agree. It's perfectly reasonable to list the interfaces to
listen() or bind() to or whatever the call is.

That's different from doing per-packet filtering, which I agree should
be done in the kernel, not each daemon.

-- 
Richard

