Re: /proc/sys/net/* proliferation

Bryan Andregg (bandregg@redhat.com)
Sun, 14 Sep 1997 13:16:10 -0400


On Sun, 14 Sep 1997 01:02:22 +0100 (BST), Alan Cox wrote:

>> > can only be changed at compile time (as in 2.0.x) it should be on so the
>> > functionality is there for those who need it.
>>
>> No, it shouldn't because it can cause serious harm and security holes
>> on multihomed hosts. I'm pretty sure that the host requirements RFC
>> requires an explicit user action to enable it.
>
>RFC1122 does indeed require that a system is a host by default and routing
>must be switched on. In 2.1.x this problem goes away (it's a sysctl), in
>2.0.x a vendor could always ship a separate kernel
>

So then would an appropriate solution also be to ship with forwarding on (in the
kernel) but the forwarding policy set to 'reject'? This would then require an
enabling command.

--
                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"Donnie were much more 'user-friendly'. May be you selective about friends:-)" -- Levente Farkas

"Hey, wait a minute, you clowns are on dope!" -- Owen Cheese in 'Shakes the Clown'
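[Added example, not part of the original thread or of any Red Hat or kernel code.]
The proposal above has two independent switches: the kernel's own forwarding
flag (the 2.1.x sysctl Alan mentions, exposed as /proc/sys/net/ipv4/ip_forward)
and the forwarding policy in the packet filter. The script below models the
"ship with forwarding possible, policy deny, require an explicit enabling
command" arrangement as a small admin tool. It assumes ipfwadm's `-F -p
<deny|accept>` as the 2.0.x-era policy command and makes PROC_ROOT and IPFWADM
overridable so it can be exercised against a constructed /proc tree without
root or a real ipfwadm; those knobs are assumptions for the example, not part
of either kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Models Bryan's proposal:
#   1. kernel forwarding switch  -> $PROC_ROOT/sys/net/ipv4/ip_forward
#   2. forwarding policy         -> "ipfwadm -F -p deny|accept" (assumed syntax)
# RFC 1122 wants a box to behave as a host until an operator explicitly
# enables routing, so both switches stay closed until enable_forwarding runs.
# PROC_ROOT and IPFWADM are overridable only so the script can be tested
# against a constructed directory; on a real host leave them at the defaults.

PROC_ROOT="${PROC_ROOT:-/proc}"
IPFWADM="${IPFWADM:-ipfwadm}"

ip_forward_file() {
    echo "$PROC_ROOT/sys/net/ipv4/ip_forward"
}

# Report what the kernel will do with a packet not addressed to this host:
# "host" (drop it, RFC 1122 default), "router" (forward it), or "unknown".
kernel_forwarding() {
    f=$(ip_forward_file)
    [ -r "$f" ] || { echo unknown; return 2; }
    case "$(cat "$f")" in
        0) echo host ;;
        1) echo router ;;
        *) echo unknown; return 2 ;;
    esac
}

# Set the default policy of the forwarding chain.  $1 is deny or accept.
set_forward_policy() {
    "$IPFWADM" -F -p "$1"
}

# The explicit enabling command: open the kernel switch, then the policy.
# Even if a vendor shipped ip_forward=1, nothing crosses interfaces until
# the policy is opened here.
enable_forwarding() {
    echo 1 > "$(ip_forward_file)"
    set_forward_policy accept
}

# Back to plain host behaviour: close the policy first so no packet slips
# through while the kernel switch is still on, then clear the switch.
disable_forwarding() {
    set_forward_policy deny
    echo 0 > "$(ip_forward_file)"
}

# Minimal CLI: ./fwd.sh status | enable | disable
case "${1:-}" in
    status)  kernel_forwarding ;;
    enable)  enable_forwarding ;;
    disable) disable_forwarding ;;
esac
```

The ordering inside enable_forwarding and disable_forwarding is the whole
point: the policy is the last thing opened and the first thing closed, so a
multihomed host never has a window where the kernel forwards and the filter
lets it.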