Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2009-07-01 16:26:11
Possibly related (same subject, not in this thread)
- 2009-07-01 · Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable · Patrick McHardy <hidden>
- 2009-07-01 · Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable · Herbert Xu <herbert@gondor.apana.org.au>
- 2009-07-01 · Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable · Patrick McHardy <hidden>
- 2009-07-01 · Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable · Herbert Xu <herbert@gondor.apana.org.au>
- 2009-07-01 · Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable · Patrick McHardy <hidden>
On Wed, Jul 01, 2009 at 09:02:02AM -0700, David Miller wrote:
Consider the posibility that the people using it aren't saying anything because things just-work for them right now. If you change this default, I guarentee we will hear from them. "everyone else" is making noise only because the default isn't what they want. There is no other reason.
FWIW I don't really care what we have as the default for bridge netfilter. I just want to make sure that people who do have bridge netfilter (and in particular, conntrack + bridge) active on their machines are aware of the security implications. Otherwise we'd be negligent. As you said distros can change the default regardless of what the kernel does. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} [off-list ref] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt