On 22/09/2018 at 20:27, Dan Ritter wrote:
> On Sat, Sep 22, 2018 at 04:52:40PM +0200, Pascal Hambourg wrote:
>> It does not matter what your entire point was, and I do not expect you to describe a complete firewall policy. *You* exposed a supposedly default firewall policy which I happened to find questionable, so I questioned it.
>
> You should certainly find it questionable,

Thanks for acknowledging it.

>> You would not have exposed a broken firewall policy on purpose in order to prove your point, would you?
>
> Wouldn't I?

I hope not.

> I am explicitly describing a firewall policy for the sake of argument, and in no way advocating it.

For the sake of argument, you should have described a sensible firewall policy or no one would have taken your point seriously. The policy you described was not sensible. Here is a common one which allows outbound "connections":

- accept outbound packets and related inbound replies
- deny other inbound packets
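
The two-rule policy above, written out as an nftables ruleset. This is an added example, not part of the original thread. The choice of nftables, the IPv4-only `ip` family, the table and chain names, and the loopback rule are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Illustrative host ruleset for the policy described in the message above:
#   - accept outbound packets and related inbound replies
#   - deny other inbound packets
# Assumption: IPv4 only (family "ip"). An IPv6 ruleset would also have to
# admit ICMPv6 neighbour discovery, which the two-line policy does not cover.

flush ruleset

table ip filter {
    chain output {
        # "accept outbound packets": nothing leaving the host is filtered.
        type filter hook output priority 0; policy accept;
    }

    chain input {
        # "deny other inbound packets": anything not matched below is dropped.
        type filter hook input priority 0; policy drop;

        # Assumption beyond the stated policy: keep local services that talk
        # to each other over the loopback interface working.
        iif "lo" accept

        # "related inbound replies": packets belonging to a flow this host
        # started (established), or tied to one, such as an ICMP error
        # answering an outbound packet (related).
        ct state established,related accept

        # Packets conntrack cannot associate with any flow are dropped
        # explicitly so they show up in the rule counter.
        ct state invalid counter drop
    }
}
```

`nft -c -f <file>` parses the file without applying it, and `nft list ruleset` shows the rules and the counter once they are loaded.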