[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf(4) schemantics



On Fri, Mar 21, 2003 at 06:44:37PM +0100, Srebrenko Sehic wrote:
> On Fri, Mar 21, 2003 at 12:50:43PM +0100, Henning Brauer wrote:
> > I'm close to give up on you wrt to that. SOmehow it seems you don't _want_
> > to see why the filtering outbond on an interface is so important. I gave a
> > very good example why that is absolutely needed.
> Bla, bla, since traffic can originate from the firewall itself. In a lot of
> cases, it doesn't, though.
geez, get your facts straight.
traffic originates from your firewall, if you believe it or not. what about
returns, icmp, tcp ttl exceeded, dns lookups, ...
(yayayaya, ipless bridge, babble blubble babble gimmebeer)
-- 
Henning Brauer, BS Web Services, http://bsws.de
[email protected] - [email protected]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)