- known-good IPs -- these are fully authenticated;
- believed trustworthy -- OK if a known-good is in the
Received headers;
- believed-bad IPs -- recommend discarding.
I think a fourth category may be needed: Unknown -- IPs that
are untrusted, but not necessarily bad.
Otherwise, we risk falling into the mindset that anything not
explicitly permitted is to be dropped.
Actually, that is EXACTLY the mindset that should be adopted. If we don't
adopt this mindset we might as well trust everything by default like we have
for the past fifteen+ years. Or is it twenty+ years?
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>