Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: jason () tacorp com
Date: Tue, 27 Nov 2007 22:39:04 -0500 (EST)
> in both directions. State tables allow your firewall to have a deny-all default inbound policy and an allow-all default outbound policy. They allow

> With today's proliferation of Trojans and Spyware, anyone with a Windows user population above three who has an allow-all default outbound policy is an idiot and populations of one to three are likely candidates for the club if not associate members.

I see both points but perhaps a different example shows where tracking state may be beneficial. If I have a number of servers in a DMZ that are accessible both from the internet and inside my network, I can reduce the administrative overhead by tracking state. If I opened up port 80 into a web server and the state was tracked, the reply packet would be able to pass back out of the firewall without having to have a rule allowing packets from the webserver sourced from port 80 out. Why should I need to put two rules in (one for the incoming traffic, and one for the reply) when I can rely on the state of the packet for the reply?

-Jason

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
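
Added example, not part of the original message: a small Python model of the DMZ web server case described above, comparing one rule plus a state table against the two static rules. The addresses, ports and names are constructed for illustration, and connection teardown and timeouts are left out.

```python
from collections import namedtuple

# Constructed addresses: 203.0.113.7 is an Internet client,
# 192.0.2.10 is the DMZ web server (both hypothetical).
Pkt = namedtuple("Pkt", "src sport dst dport syn")
WEB = "192.0.2.10"

def is_request(p):
    """The one administrator-written rule: anyone -> web server, TCP 80."""
    return p.dst == WEB and p.dport == 80

def stateless_filter(p):
    """Two static rules: the inbound rule plus a reply rule that matches
    anything the web server sends from source port 80."""
    reply_rule = p.src == WEB and p.sport == 80
    return is_request(p) or reply_rule

class StatefulFilter:
    """One static rule; replies are matched against tracked connections."""
    def __init__(self):
        self.table = set()  # (client, client_port, server, server_port)

    def check(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if is_request(p):
            if p.syn:                    # new connection: record it
                self.table.add(flow)
                return True
            return flow in self.table    # mid-stream packets need an entry
        # Not matched by the rule: pass only as the reverse of a known flow.
        return (p.dst, p.dport, p.src, p.sport) in self.table

def demo():
    fw = StatefulFilter()
    syn = Pkt("203.0.113.7", 40000, WEB, 80, True)
    reply = Pkt(WEB, 80, "203.0.113.7", 40000, False)
    # Server-originated packet that only happens to use source port 80.
    unsolicited = Pkt(WEB, 80, "198.51.100.9", 4444, True)
    packets = (syn, reply, unsolicited)
    return {
        "stateful": [fw.check(p) for p in packets],
        "stateless": [stateless_filter(p) for p in packets],
    }

if __name__ == "__main__":
    print(demo())
```

Besides saving the second rule, the state table only passes the reply that belongs to a recorded request; the static reply rule also passes the third packet, which answers nothing.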