> Marcus J. Ranum wrote:
> Isaac Van Name wrote:
> >You have referred to packet-based
> >firewalls as being outdated.

> I'm not sure if they're "outdated" as much as "never were
> particularly good to begin with"

I agree.

There is a reminder for the younger. Take a look at that Brent Chapman's paper
from 1992: Network (In)Security Through IP Packet Filtering

And that paper from 14 years ago told us that "testing and monitoring filters is
And 14 years ago, all those firewall-friendly (HTTP-tunneling)application did
not even exist!

firewall-wizards mailing list