
Re: patch: policy update by id

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: Re: patch: policy update by id
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Apr 2005 12:56:44 +1000
Cc: hadi@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050427194356.58a3e618.davem@xxxxxxxxxxxxx>
References: <1114602874.7670.4.camel@xxxxxxxxxxxxxxxxxxxxx> <1114604657.7670.22.camel@xxxxxxxxxxxxxxxxxxxxx> <1114604826.7670.24.camel@xxxxxxxxxxxxxxxxxxxxx> <20050427233924.GA22238@xxxxxxxxxxxxxxxxxxx> <1114650816.7663.13.camel@xxxxxxxxxxxxxxxxxxxxx> <20050428012135.GA22950@xxxxxxxxxxxxxxxxxxx> <20050428013014.GA23043@xxxxxxxxxxxxxxxxxxx> <1114653140.7663.36.camel@xxxxxxxxxxxxxxxxxxxxx> <20050428020754.GA23326@xxxxxxxxxxxxxxxxxxx> <20050427194356.58a3e618.davem@xxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Wed, Apr 27, 2005 at 07:43:56PM -0700, David S. Miller wrote:
> 
> I'm willing to renege on that position if you can convince me
> that security minded folks won't be surprised by this pseudo-
> aliasing.  For example, do firewall systems tend to support
> such priority schemes?  If so, I guess we can do it.

Well netfilter certainly follows this scheme:

$ iptables -I INPUT -s 3.3.3.3 -d 4.4.4.4 -j ACCEPT
$ iptables -I INPUT -s 3.3.3.3 -d 4.4.4.4 -j ACCEPT
$ iptables -v -L INPUT -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all  --  *      *       3.3.3.3              4.4.4.4     
    0     0 ACCEPT     all  --  *      *       3.3.3.3              4.4.4.4     

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
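
An audit for the behaviour shown in the message above, as an added example that is not part of the original e-mail: iptables accepts an identical rule twice, so this shell function reads rules in `iptables -S` format on stdin and reports any rule repeated within the same chain. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads rules in `iptables -S` format on stdin and reports every rule whose
# specification already appeared earlier in the same chain.
find_duplicate_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        pos[chain]++                    # rule number within this chain
        spec = $0
        sub(/^-A [^ ]+ /, "", spec)     # drop "-A CHAIN " to keep only the rule spec
        key = chain SUBSEP spec
        if (key in first)
            printf "%s: rule %d duplicates rule %d: %s\n", chain, pos[chain], first[key], spec
        else
            first[key] = pos[chain]
    }'
}

# Constructed sample: the duplicated INPUT rule from the message, plus an
# unrelated rule and the same spec in another chain (which is not a duplicate).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -s 3.3.3.3/32 -d 4.4.4.4/32 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -s 3.3.3.3/32 -d 4.4.4.4/32 -j ACCEPT
-A FORWARD -s 3.3.3.3/32 -d 4.4.4.4/32 -j ACCEPT
EOF
}

sample_rules | find_duplicate_rules
```

On a live system the input would come from `iptables -S`. With a terminating target such as ACCEPT the first matching rule wins, so the later copy never matches and its counters stay at zero.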