17 Jun
2015
17 Jun
'15
2:45 a.m.
On Tue, Jun 16, 2015 at 11:01 PM, Brian Kantor <Brian(a)ucsd.edu> wrote:
If in fact the HAMWAN entry is needed, I can ask Chris
to undo the
restriction and then we'll just have to be extra vigilent about checking
new gateway entries. Mistakes will happen and have to be corrected.
A more robust check would be to ping whatever gateway IP is entered.
If a reply is received, allow it, if not, report the error to the user
("no route to host", etc.). Also check that the IP is not within its
own subnet. I'd be impressed if someone succeeded in passing the first
test and not the second, but not surprised.
(If you're one of those who blocks ICMP, you're intentionally breaking
things and you can deal with your own mess.)
Tom KD7LXL