Re: AUDIT_NETFILTER_PKT message format
On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs <rgb(a)redhat.com> wrote:
So while I'm not advocating this is what should be done and
I'm trying
to establish bounds to the scope of this feature, but would it be
reasonable to simply not log packets that were transiting this machine
without a local endpoint?
I'm still waiting on more detailed requirements information from
Steve, but based on what we've heard so far, it seems that ignoring
forwarded traffic is a reasonable thing to do.
--
paul moore
security @ redhat