Carsten Bormann wrote on 2022-09-30 00:18:
> On 2022-09-30, at 07:54, Paul Vixie <[email protected]> wrote:
>> (my network, my rules.)
>
> You can implement that by suppressing traffic that doesn’t authorize visibility.

if visibility is authorizable, and if the on-the-wire format allows a
gateway to know if visibility has been authorized for a packet, your
statement holds true.

an example of this is dropping UDP that doesn't come from one of a few
local servers or go to one of a few distant services. i don't like it.

another example is a firewall rule for "use a proxy or stay home". i
don't like this either.

what did you have in mind as an example of this, that i might not dislike?

--
P Vixie