Re: Implications of a permissive FORWARD chain

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mark Fox <mark.fox@gmail.com>
To: netfilter@vger.kernel.org
Subject: Re: Implications of a permissive FORWARD chain
Date: Wed, 19 Feb 2014 01:25:29 +0000 (UTC)	[thread overview]
Message-ID: <loom.20140219T021738-741@post.gmane.org> (raw)
In-Reply-To: f076ff4850264eaf59f4fe96b8ba5169@treenet.co.nz

Amos Jeffries <squid3 <at> treenet.co.nz> writes:

> Like you surmised earlier the implications for the client hosts is the 
> same as if your forwarding host was not there at all.

That is a salient point, Amos.

In my case, it can be argued that that's exactly what is desired. But I
agree that there are some rules that can be added to tighten things up
without unduly hampering someone who wants to add a VM or container in the
future. Spoofing can be curtailed, for example.

Thanks.

next prev parent reply	other threads:[~2014-02-19  1:25 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-18 17:53 Implications of a permissive FORWARD chain Mark Fox
2014-02-18 19:29 ` Leonardo Rodrigues
2014-02-18 20:02   ` Mark Fox
2014-02-18 21:03     ` Amos Jeffries
2014-02-19  1:25       ` Mark Fox [this message]
2014-02-18 22:10     ` Neal Murphy
2014-02-19  2:34       ` Mark Fox
2014-02-19  2:52         ` Neal Murphy
2014-02-19 14:38           ` Mark Fox
2014-02-19 18:12             ` Neal Murphy
2014-02-22 23:02             ` Pascal Hambourg
2014-02-26 15:42               ` Mark Fox
2014-02-18 19:57 ` Ambroz Bizjak
2014-02-19  2:38   ` Mark Fox

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=loom.20140219T021738-741@post.gmane.org \
    --to=mark.fox@gmail.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.