Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable | KernelTrap

Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Herbert Xu <herbert@...>

To: David Miller <davem@...>

Cc: <markmc@...>, <netdev@...>

Subject: Re: [PATCH] bridge: make bridge-nf-call-*tables default configurable

Date: Wednesday, July 1, 2009 - 12:26 pm

On Wed, Jul 01, 2009 at 09:02:02AM -0700, David Miller wrote:
quoted text> 
> Consider the posibility that the people using it aren't saying
> anything because things just-work for them right now.
> 
> If you change this default, I guarentee we will hear from them.
> 
> "everyone else" is making noise only because the default isn't
> what they want.  There is no other reason.

FWIW I don't really care what we have as the default for bridge
netfilter.  I just want to make sure that people who do have
bridge netfilter (and in particular, conntrack + bridge) active
on their machines are aware of the security implications.  Otherwise
we'd be negligent.

As you said distros can change the default regardless of what
the kernel does.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] bridge: make bridge-nf-call-*tables default configur..., Mark McLoughlin, (Tue Jun 30, 12:27 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 4:56 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., David Miller, (Tue Jun 30, 11:16 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Mark McLoughlin, (Wed Jul 1, 6:45 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., David Miller, (Wed Jul 1, 12:02 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Wed Jul 1, 12:26 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 6:51 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., David Miller, (Wed Jul 1, 12:02 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 12:05 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Mark Smith, (Wed Jul 1, 5:18 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., David Miller, (Wed Jul 1, 12:08 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Tue Jun 30, 1:00 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 4:57 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Wed Jul 1, 5:07 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 5:21 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Wed Jul 1, 12:33 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 1:01 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., David Miller, (Tue Jun 30, 3:06 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Jan Engelhardt, (Tue Jun 30, 4:16 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Tue Jun 30, 9:15 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Patrick McHardy, (Wed Jul 1, 5:01 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Jan Engelhardt, (Tue Jun 30, 11:50 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Ben Greear, (Wed Jul 1, 12:14 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Wed Jul 1, 12:10 am)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Mark Smith, (Tue Jun 30, 4:57 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Herbert Xu, (Tue Jun 30, 9:48 pm)

Re: [PATCH] bridge: make bridge-nf-call-*tables default conf..., Jan Engelhardt, (Tue Jun 30, 5:30 pm)

Navigation

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 002/196] Chinese: rephrase English introduction in HOWTO
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Amit K. Arora	[RFC] Heads up on sys_fallocate()
Linus Torvalds	Re: 2.6.25-rc2 System no longer powers off after suspend-to-disk. Screen becomes g...
git:

linux-netdev:
David Miller	[GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Ray Lee	Re: [BUG] New Kernel Bugs
openbsd-misc:

Colocation donated by:

Who's online

There are currently 1 user and 524 guests online.

Online users

hotpicks

Syndicate