There are good arguments against stateful filtering. Consider a virus that tells infected machines to connect to a zombiemaster (or tftp server, or...) on a specified IP and (possibly nonstandard) port. Disallowing outbound connections - except for those on a specific manageable list - can help put a stop to that sort of thing.
Admittedly, most setups require stateful filtering. > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Hmm, what kind of firewall is it? Surely it can do stateful > filtering. > Ie, allow ping out and back in again. And the same with > other traffic. I > know that's what I do with our linux firewall... > > From: Anders Norrbring [mailto:[EMAIL PROTECTED] > I just learned that Razor should be able to "ping" servers, can it do > without the ping? I have a very tight firewall, and I really > don't like to > open it up for ICMP traffic... > > Anders. ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Razor-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/razor-users
