>> in both directions. State tables allow your firewall to have a deny-all
>> default inbound policy and an allow-all default outbound policy. They allow

> With today's proliferation of Trojans and Spyware, anyone with a
> Windows user population above three who has an allow-all default outbound
> policy is an idiot and populations of one to three are likely candidates
> for the club if not associate members.

I see both points, but perhaps a different example shows where tracking
state may be beneficial. If I have a number of servers in a DMZ that are
accessible both from the internet and inside my network, I can reduce the
administrative overhead by tracking state. If I opened up port 80 into a
web server and the state was tracked, the reply packet would be able to
pass back out of the firewall without having to have a rule allowing
packets from the webserver sourced from port 80 out. Why should I need to
put two rules in (one for the incoming traffic, and one for the reply)
when I can rely on the state of the packet for the reply?

firewall-wizards mailing list
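The DMZ web server case above, as an added illustration that is not part of the original thread: a toy stateful filter with a deny-all default in both directions and a single inbound rule for TCP/80, where the reply is admitted by the state table rather than a second rule, and an unsolicited outbound connection from the server (the Trojan callback the earlier reply worries about) is still dropped. All addresses are constructed sample values.

```python
"""Minimal stateful packet filter for the DMZ web server example.

Rules: deny-all default both directions; one explicit rule admits inbound
TCP to the web server on port 80. Replies are admitted by the state table,
not by a second rule. Addresses are constructed (RFC 5737 documentation
ranges); a real firewall would also key state on protocol and TCP flags
and expire entries on FIN/RST or timeout.
"""
from __future__ import annotations
from dataclasses import dataclass

WEB_SERVER = "192.0.2.10"       # constructed DMZ address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str              # "in" (from internet) or "out" (from DMZ)


class StatefulFilter:
    def __init__(self) -> None:
        # State table keyed by the 4-tuple of the *initiating* packet.
        self.state: set[tuple[str, int, str, int]] = set()
        # Static rules: only inbound traffic to the web server on 80.
        self.inbound_rules = [(WEB_SERVER, 80)]

    def check(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Part of a tracked flow (either direction): no rule needed.
        if flow in self.state or reverse in self.state:
            return "allow (state)"
        # 2. New inbound connection matching a static rule: permit and track.
        if pkt.direction == "in" and (pkt.dst, pkt.dport) in self.inbound_rules:
            self.state.add(flow)
            return "allow (rule)"
        # 3. Everything else, including unsolicited outbound, is dropped.
        return "deny"


def demo() -> list[str]:
    fw = StatefulFilter()
    client_syn = Packet("198.51.100.7", 51234, WEB_SERVER, 80, "in")
    server_reply = Packet(WEB_SERVER, 80, "198.51.100.7", 51234, "out")
    unsolicited = Packet(WEB_SERVER, 44000, "203.0.113.9", 443, "out")
    return [fw.check(client_syn), fw.check(server_reply), fw.check(unsolicited)]


if __name__ == "__main__":
    print(demo())  # ['allow (rule)', 'allow (state)', 'deny']
```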