Le 22/09/2018 à 20:27, Dan Ritter a écrit :
On Sat, Sep 22, 2018 at 04:52:40PM +0200, Pascal Hambourg wrote:
It does not matter what you entire point was, and I do not expect you to
describe a complete firewall policy. *You* exposed a supposedly default
firewall policy which I happened to find questionable, so I questioned it.
You should certainly find it questionable,
Thanks for acknowledging it.
You would not have exposed a broken firewall policy on purpose in order to
prove your point, would you ?
Wouldn't I?
I hope not.
I am explicitly describing a firewire policy for the sake of
argument, and in no way advocating it.
For the sake of argument, you should have described a sensible firewall
policy or no one would have taken your point seriously. The policy you
described was not sensible. Here is a common one which allows outbound
"connections" :
- accept outbound packets and related inbound replies
- deny other inbound packets
