Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: "Patrick M. Hausen" <hausen () punkt de>
Date: Wed, 28 Nov 2007 22:00:55 +0100

Hi!

On Tue, Nov 27, 2007 at 09:18:20PM -0800, Darren Reed wrote:
> > State tables allow your firewall to have a deny-all
> > default inbound policy and an allow-all default outbound policy.  They allow
> > you to assume that the Internet cannot be trusted and that your internal
> > network can be.
>
> I don't see how this is any different to any other firewall.

Strict proxy firewalls cannot implement an "allow all outbound" policy.
And all the "proxy by design but packet filters as an addon" products
I have seen so far ship with only proxy rules enabled in their
default configuration.

So they are less convenient for a certain class of users and some
applications "do not work" out of the box. Which is the point of
the firewall. Which is a point a certain class of users does not get.

Kind regards,
Patrick M. Hausen
Leiter Netzwerke und Sicherheit
-- 
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info () punkt de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards