On 10-01-05 at 21:29, Dobbins, Roland wrote:
Stateful firewalls make absolutely no sense in front of servers, given that by definition, every packet coming into the server is unsolicited (some protocols like ftp work a bit differently in that there're multiple bidirectional/omnidirectional communications sessions, but the key is that the initial connection is always unsolicited).
Most hosts are in some measure servers and clients. Sometimes a "server" might want to make an outbound connection for a legitimate reason (say a DNS lookup or zone transfer). Sometimes it might be tricked into doing so for nefarious reasons (like the old reverse telnet trick of binding a shell to an outbound tcp connection). A properly configured firewall will prevent the latter.

-w
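
One way to express the policy described in the reply above, as an added nftables ruleset that is not part of the original thread: connection tracking lets replies to client-opened sessions out, while connections the server itself originates are limited to an allow-list. The server role (a secondary DNS server), the addresses (RFC 5737 documentation ranges), the table name and the log prefix are all assumptions made for the example, and it covers IPv4 only.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful ingress and egress policy for a server.
# All addresses are constructed placeholders, not values from the thread.

flush ruleset

define RESOLVERS    = { 192.0.2.53, 192.0.2.54 }  # assumed recursive resolvers
define ZONE_PRIMARY = 198.51.100.10               # assumed zone-transfer source

table ip server_fw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        # Return traffic for connections this host was allowed to open.
        ct state established,related accept
        # Unsolicited inbound: only the published service (DNS here).
        udp dport 53 accept
        tcp dport 53 ct state new accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state invalid drop
        # Replies to sessions that clients opened toward the server.
        ct state established,related accept
        # Legitimate server-initiated traffic: DNS lookups ...
        ip daddr $RESOLVERS udp dport 53 ct state new accept
        ip daddr $RESOLVERS tcp dport 53 ct state new accept
        # ... and zone transfers from the primary.
        ip daddr $ZONE_PRIMARY tcp dport 53 ct state new accept
        # Any other connection the server tries to originate, such as a
        # shell bound to an outbound TCP connection, is logged and dropped.
        ct state new log prefix "egress-denied: " counter drop
    }
}
```

The final rule in the output chain is what distinguishes the two cases in the reply: without connection state, replies to clients and server-originated connections cannot be told apart on the outbound path.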