[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Implications of a permissive FORWARD chain
From:       Mark Fox <mark.fox () gmail ! com>
Date:       2014-02-19 1:25:29
Message-ID: loom.20140219T021738-741 () post ! gmane ! org
[Download RAW message or body]

Amos Jeffries <squid3 <at> treenet.co.nz> writes:

> Like you surmised earlier the implications for the client hosts is the 
> same as if your forwarding host was not there at all.

That is a salient point, Amos.

In my case, it can be argued that that's exactly what is desired. But I
agree that there are some rules that can be added to tighten things up
without unduly hampering someone who wants to add a VM or container in the
future. Spoofing can be curtailed, for example.

Thanks.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]