RE: This is a must read document. It will freak you out

[dgillett]

  NO.

  "Egress filtering" is making sure that traffic that leaves your 
network borders meets some basic sanity checks.  Most commonly, that 
it carries source addresses that indicate that it originated inside 
your perimeter, so you know none of your users are spoofing randomly. 
[This doesn't actually help much if one user is trying to spoof to 
look like another, but (a) most spoofers won't even try that, and (b) 
you probably have access to MAC addresses and can determine that that 
is happening.]

  A firewall is a (any) device that enforces network policy by 
blocking traffic that violates policy, and (preferably) provides log 
information indicating that it has done so.  There's no inherent 
directionality to this definition.

David Gillett


On 9 Jun 2001, at 1:10, Zachary Uram wrote:

> what is egress filtering?
> ingress filtering is a firewall yes?

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]