[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Re: Implications of a permissive FORWARD chain
From: Mark Fox <mark.fox () gmail ! com>
Date: 2014-02-19 1:25:29
Message-ID: loom.20140219T021738-741 () post ! gmane ! org
[Download RAW message or body]
Amos Jeffries <squid3 <at> treenet.co.nz> writes:
> Like you surmised earlier the implications for the client hosts is the
> same as if your forwarding host was not there at all.
That is a salient point, Amos.
In my case, it can be argued that that's exactly what is desired. But I
agree that there are some rules that can be added to tighten things up
without unduly hampering someone who wants to add a VM or container in the
future. Spoofing can be curtailed, for example.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic