Subj : Re: Connect...??
To   : Markus Reschke
From : Tony Langdon
Date : Mon Jan 16 2017 08:08:00

-=> Markus Reschke wrote to Tony Langdon <=-

 MR> That would be a stateful firewall. The most common setup is to allow
 MR> everything from LAN to the WAN, and only allow related packets from WAN
 MR> to LAN.

Yes, that is by far the most common default setup, and then exceptions to allow
specific incoming traffic are added by the admin as needed.

 MvV>> It can also detect certain kind of attacks, port scans, flooding etc.

 MR> And that's an IDS. But an IDS could be integrated in a firewall
 MR> product. Commonly they are labeled "UTM".

A firewall can be a combination of other components, such as a stateful packet
filter and an IDS

 MvV>>  Plus that a firewall can also act on outgoing traffic. OTOH, a
 MvV>> firewall can not do translation. It is not a NAT.

 MR> A firewall is a special kind of router. So NAT is an optional feature
 MR> of a firewall.

Depends what the intent is.

 MR> Sometimes it's the side effect you're interested in :)

True, provided you do it with full knowledge of the implications, and not
simply using ignorant assumptions and hearsay. :)


.... In matters of conscience, the law of majority has no place.
--- MultiMail/Win32 v0.49
 * Origin: Freeway BBS - freeway.apana.org.au (3:633/410)

.