> Perhaps, but this is not typically what enterprises are interested in
> when they want scoping. The purpose of scoping is to make no
> communication possible, not egress-only (because egress-only could be
> used to create a tunnel).
Having a conceptual model with 3 top-level classes defined in the firewall
1. no communication through the firewall
2. outbound only
3. open
is simple enough to prevent unintended side-effects of other filters.
Then you can have the ability to further *restrict* the classes with more
detailed rules (e.g. to restrict certain IP addresses in 2 to not allow
outbound for certain protocols and ports) but no ability to have rules which
are less restrictive than the basis for the class.
This is not rocket science - just sound conceptual models for a UI.
> Keep in mind that at times firewalls that do not NAT could be replaced
> by a cross-over cable (for short periods of time, in case of upgrades
> for example). I know, nobody is supposed to do that; nevertheless it is
And people rewire light switches at home without turning off the power too.
In many cases that works if you are careful, even though it isn't recommended
practice!
Point being that neither household electrical appliances nor the nationwide
electrical grid had any additional requirements placed upon it
to make it safer rewiring with the power on.
I don't think it makes sense placing additional requirements on
the Internet applications or the IP infrastructure to make firewall
temporary replacement with a cross-over cable any safer either.
Erik
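As an added illustration of the "restrict-only" class model described above (this is example code written for this page, not code from Erik's message or from any IETF work), the sketch below models the three top-level classes and a policy object that accepts only rules which tighten the class. A rule that would open anything the class forbids is rejected at configuration time, which is what prevents a detailed filter from accidentally widening the basis. The class names, the Flow fields and the sample addresses are constructed assumptions for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class BaseClass(Enum):
    """The three top-level classes from the post; everything else only narrows them."""
    NO_COMMUNICATION = 1   # nothing crosses the firewall in either direction
    OUTBOUND_ONLY = 2      # only flows initiated from the inside may cross
    OPEN = 3               # everything crosses unless a deny rule says otherwise


@dataclass(frozen=True)
class Flow:
    """A simplified connection attempt as seen by the firewall (constructed model)."""
    direction: str   # "outbound" (inside -> outside) or "inbound"
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


def base_allows(base: BaseClass, flow: Flow) -> bool:
    """Decision of the top-level class alone, before any detailed rule."""
    if base is BaseClass.NO_COMMUNICATION:
        return False
    if base is BaseClass.OUTBOUND_ONLY:
        return flow.direction == "outbound"
    return True


@dataclass(frozen=True)
class DenyRule:
    """A detailed rule that can only remove traffic the class would allow.
    "*" (or None for the port) acts as a wildcard."""
    src: str = "*"
    proto: str = "*"
    dport: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        return ((self.src == "*" or self.src == flow.src)
                and (self.proto == "*" or self.proto == flow.proto)
                and (self.dport is None or self.dport == flow.dport))


@dataclass(frozen=True)
class PermitRule:
    """A rule that would widen the class. Exists only so the policy can refuse it."""
    src: str = "*"
    proto: str = "*"
    dport: Optional[int] = None


class PolicyError(ValueError):
    """Raised when a rule would make the policy less restrictive than its class."""


class FirewallPolicy:
    def __init__(self, base: BaseClass):
        self.base = base
        self.rules: List[DenyRule] = []

    def add_rule(self, rule) -> None:
        # The UI invariant from the post: rules may restrict the class, never loosen it.
        if not isinstance(rule, DenyRule):
            raise PolicyError(
                f"rule {rule!r} would be less restrictive than class {self.base.name}")
        self.rules.append(rule)

    def allows(self, flow: Flow) -> bool:
        # The class decides first; deny rules can only turn an allow into a deny.
        if not base_allows(self.base, flow):
            return False
        return not any(rule.matches(flow) for rule in self.rules)


def demo() -> dict:
    """Exercise an OUTBOUND_ONLY policy with one narrowing rule (constructed flows)."""
    policy = FirewallPolicy(BaseClass.OUTBOUND_ONLY)
    # Narrow class 2: host 10.0.0.5 may not send outbound SMTP.
    policy.add_rule(DenyRule(src="10.0.0.5", proto="tcp", dport=25))

    inbound_ssh = Flow("inbound", "198.51.100.7", "10.0.0.5", "tcp", 22)
    web_from_5 = Flow("outbound", "10.0.0.5", "198.51.100.7", "tcp", 443)
    smtp_from_5 = Flow("outbound", "10.0.0.5", "198.51.100.7", "tcp", 25)
    smtp_from_9 = Flow("outbound", "10.0.0.9", "198.51.100.7", "tcp", 25)

    try:
        policy.add_rule(PermitRule(proto="tcp", dport=22))  # would open inbound SSH
        permit_rejected = False
    except PolicyError:
        permit_rejected = True

    return {
        "inbound_ssh": policy.allows(inbound_ssh),      # False: class forbids inbound
        "web_from_5": policy.allows(web_from_5),        # True: class allows, no rule hits
        "smtp_from_5": policy.allows(smtp_from_5),      # False: deny rule matches
        "smtp_from_9": policy.allows(smtp_from_9),      # True: rule is host-specific
        "permit_rejected": permit_rejected,             # True: loosening refused
        "closed_class": FirewallPolicy(BaseClass.NO_COMMUNICATION).allows(web_from_5),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the model is the `add_rule` check, not the matching logic: because the only rule type the policy accepts is a deny, no combination of detailed filters can ever produce a result the top-level class would have refused, so an administrator reading only the class name knows the worst case.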
_______________________________________________
Saad mailing list
Saad@ietf.org
https://www1.ietf.org/mailman/listinfo/saad