Hey,

> On 6 Jan 2019, at 10:41, Peter Müller <peter.mueller(a)link38.eu> wrote:
> 
> Hello Michael,
> 
> thanks for your reply. Sorry for the confusion.
> 
> The current behaviour is unintentional from my point of view: If the
> default policy is set to DROP, connections from GREEN and BLUE to RED
> are forbidden by default, but not from ORANGE to RED. As far as I know,
> this is not even documented.
> 

This *is* intended. The code says so.

What you are saying is that it is unexpected. Agreed.

> Therefore, I suggest changing the behaviour to DROP, too.
> 
> @All: Opinions?

*Raises hand in favour*

-Michael

> 
> Thanks, and best regards,
> Peter Müller
> -- 
> Microsoft DNS service terminates abnormally when it receives a response
> to a DNS query that was never made.  Fix Information: Run your DNS
> service on a different platform.
> 		-- bugtraq