Home » Mailing list archives » openbsd-misc » 2008 » July » 1

Re: sloppy states and dsr

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Theo de Raadt <deraadt@...>
To: Henning Brauer <lists-openbsd@...>
Cc: <misc@...>
Subject: Re: sloppy states and dsr
Date: Tuesday, July 1, 2008 - 2:35 am

> * Ted Unangst  [2008-06-20 20:50]:


sloppy state handling use, follow these two rules:


rule one:


       if you exactly understand how to use sloppy state safely, use it


NO:    otherwise, don't even dream of using it, unless you come from

       an linux ipfilter world, in which case, it is probably as good

       as that


it is that simple. really.


the second basic rule is:


	if the regular 'strict' state handling does not work for you in

	specific situations, you probably already already know the

	problem in enough detail and can use sloppy, for very specific

	situations which you understand in excruciating detail.  if you

	don't understand those situations exactly go back to NO.
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
sloppy states and dsr, Ted Unangst, (Fri Jun 20, 2:47 pm)
Re: sloppy states and dsr, Henning Brauer, (Mon Jun 30, 8:33 pm)
Re: sloppy states and dsr , Theo de Raadt, (Tue Jul 1, 2:35 am)
Re: sloppy states and dsr, Paul de Weerd, (Fri Jun 20, 8:24 pm)
Re: sloppy states and dsr, Pierre-Yves Ritschard, (Fri Jun 20, 2:58 pm)
Re: sloppy states and dsr, Darrin Chandler, (Fri Jun 20, 3:49 pm)
Re: sloppy states and dsr, Ryan McBride, (Fri Jun 20, 8:12 pm)
Re: sloppy states and dsr, Darrin Chandler, (Fri Jun 20, 8:58 pm)