> does it not cover the case of packets arriving at eth0 spoofed as from 127.0.0.1?
Right you are, that slipped my mind. I seem to recall that earlier versions of Debian had rp_filter default to 1 (I see sarge still has this, you set spoofprotect=yes in /etc/network/options, and afaik it defaults to yes).

I agree with the rest of the sentiment on the list though. I like lean installs. I like to use a product called "firehol" to build my (admittedly very simple) firewalls, but I will never advocate that it be installed by default. I'd absolutely hate it if someone forced me to install shorewall because they think I need to be protected from myself. I think that is what most people are trying to say.

