Ben,

You note:

>If it didn't it would be a bug

I would say it would only be a bug if it were implemented in such a way that you *thought* you were operating with a committed policy (i.e., the install was successful), but connections were still up that did not pass the new rules. If, on the other hand, the connections that did not match the current policy were torn down as an intermediate step in the policy installation, this would be appropriate. Time-consuming and unlikely to be implemented, perhaps, but not insecure.

That's all,
Sandy

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
