[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf(4) schemantics

On Fri, Mar 21, 2003 at 06:44:37PM +0100, Srebrenko Sehic wrote:
> On Fri, Mar 21, 2003 at 12:50:43PM +0100, Henning Brauer wrote:
> > I'm close to give up on you wrt to that. SOmehow it seems you don't _want_
> > to see why the filtering outbond on an interface is so important. I gave a
> > very good example why that is absolutely needed.
> Bla, bla, since traffic can originate from the firewall itself. In a lot of
> cases, it doesn't, though.
Yeah, tell that to my OpenBSD web/file server and the desktop machine
from which I am writing this mail. I have great many reasons to filter BOTH
inbound and outbound traffic. And repeat after me: OpenBSD is NOT
just a firewall appliance. 
Also, there are MANY cases where filtering traffic originating from a firewall
is needed. Think about application level proxies for instance.