From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Forward default "DROP" is not applied to ORANGE traffic?!
Date: Mon, 07 Jan 2019 12:57:16 +0000
Message-ID: <64A607A8-C9ED-4CA1-99A3-FF1D19182AFD@ipfire.org>

Hey,

> On 6 Jan 2019, at 10:41, Peter Müller wrote:
>
> Hello Michael,
>
> thanks for your reply. Sorry for the confusion.
>
> The current behaviour is unintentional in my point of view: If default
> policy is set to DROP, connections from GREEN and BLUE to RED are
> forbidden by default, but not from ORANGE to RED. As far as I know,
> this is not even documented.
>

This *is* intended. The code says so. What you are saying is that it is unexpected. Agreed.

> Thereof, I suggest to change behaviour to DROP, too.
>
> @All: Opinions?

*Raises hand in favour*

-Michael

>
> Thanks, and best regards,
> Peter Müller
> --
> Microsoft DNS service terminates abnormally when it receives a response
> to a DNS query that was never made. Fix Information: Run your DNS
> service on a different platform.
> -- bugtraq