On Fri, Mar 21, 2003 at 06:44:37PM +0100, Srebrenko Sehic wrote:
> On Fri, Mar 21, 2003 at 12:50:43PM +0100, Henning Brauer wrote:
>
> > I'm close to giving up on you wrt to that. Somehow it seems you don't _want_
> > to see why the filtering outbound on an interface is so important. I gave a
> > very good example why that is absolutely needed.
>
> Bla, bla, since traffic can originate from the firewall itself. In a lot of
> cases, it doesn't, though.

Yeah, tell that to my OpenBSD web/file server and the desktop machine from which I am writing this mail. I have a great many reasons to filter BOTH inbound and outbound traffic. And repeat after me: OpenBSD is NOT just a firewall appliance. Also, there are MANY cases where filtering traffic originating from a firewall is needed. Think about application-level proxies, for instance. Can