On 22/09/2018 at 13:31, Dan Ritter wrote:
> On Sat, Sep 22, 2018 at 12:55:24PM +0200, Pascal Hambourg wrote:
>> I do not see how all this replies to my question:
This comment was intended for Gene Heskett.
>> Why should only TCP inbound responses be allowed? What about UDP-based protocols, ping replies (ICMP echo reply), ICMP error messages, and so on?
> Given that my entire point was that no firewall policy other than "configure it yourself" will work, it's really you missing the point to expect me to describe a complete firewall policy tuned to your desires.
It does not matter what your entire point was, and I do not expect you to describe a complete firewall policy. *You* exposed a supposedly default firewall policy which I happened to find questionable, so I questioned it.
You would not have exposed a broken firewall policy on purpose in order to prove your point, would you?