On 08/27/08 16:37, Bill Sommerfeld wrote:
On Wed, 2008-08-27 at 16:15 -0700, Darren Reed wrote:
...
But that said, the greater question you've asked is a good one:
is it an acceptable policy to allow service administrators, rather
than a host administrator to control network access to a service?
Unless I'm mistaken, the spec as written would allow *any* service
administrator to inject essentially arbitrary rules into the global
ipf.conf.
Given David's replies, do you still see that as being possible?
But if there is an overall policy that should be applied instead,
like you are suggesting, then my take on this is that it falls outside
of what this project is delivering.
so this project is just intended to provide the impression of security
without actually providing any real controls on traffic flow?
Maybe I should ask, what would you define as being an "overall policy"?
When I think of that, in terms of ipf, I think someone is delivering a
specific
ipf.conf file, and use of that (instead of per-service configuration) is
outside
of what this project is doing.
Darren
_______________________________________________
networking-discuss mailing list
[email protected]
