On Tue, Nov 27, 2007 at 09:18:20PM -0800, Darren Reed wrote:
> >State tables allow your firewall to have a deny-all
> >default inbound policy and an allow-all default outbound policy. They a=

> >you to assume that the Internet cannot be trusted and that your internal
> >network can be.

> =

> I don't see how this is any different to any other firewall.

Strict proxy firewalls cannot implement an "allow all outbound" policy.
And all the "proxy by design but packet filters as an addon" products,
I have seen so far, ship with only proxy rules enabled in their
default configuration.

So they are less convenient for a certain class of users and some
applications "do not work" out of the box. Which is the point of
the firewall. Which is a point a certain class of users does not get.

Kind regards,
Patrick M. Hausen
Leiter Netzwerke und Sicherheit
-- =

punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de http://www.punkt.de
Gf: J=FCrgen Egeling AG Mannheim 108285
firewall-wizards mailing list