10-03-2005, 01:07 PM
Flash Gordon
Re: Why do I need a software firewall?

Volker Birk wrote:
> Leythos <void@nowhere.lan> wrote:
>
>>And you're wrong - the point of the router is to block IN-BOUND traffic
>>as that's what mostly causes problems for users.
>
> The problems I'm referencing are spoofed source addresses,
> which seem to come from inside, and are not blocked because the filtering
> rules misinterpret the packets as not from the outside, and b0rken FTP
> inspection, which leads into making traffic possible again.
>
> Both are problems with blocking what you're calling "in-bound traffic".


At least some of the cheap NAT/Router/"Firewall" devices (I know Leythos
does not consider them to be firewalls, I'm not arguing that they are,
they just claim to have firewalls) will reject packets from the WAN
point that have spoofed source IPs claiming to have originated in the LAN. So
in this instance the cheap HW device is clearly better than the Windows
firewall because the Windows firewall has no way of knowing whether the
packet is coming from the internet with a spoofed address or from the
local network.
--
Flash Gordon
Living in interesting times.
Although my email address says spam, it is real and I read it.

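The interface check described in the post above, as an added example that is not part of the original post: a two-port device can compare a packet's source address with the port it arrived on, while a host rule keyed on source address alone cannot. The LAN prefix, the interface names, the "trust the local subnet" host policy and the sample packets are all constructed assumptions.

```python
import ipaddress

# Assumed LAN prefix behind the router (constructed for this example).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample packets: (arrival interface on the router, source IP, note).
PACKETS = [
    ("lan", "192.168.1.20", "genuine LAN host"),
    ("wan", "203.0.113.7", "ordinary Internet host"),
    ("wan", "192.168.1.20", "spoofed LAN source arriving on WAN"),
]


def antispoof_verdict(iface, src):
    """Edge device: knows which port the packet arrived on.

    A packet that arrives on the WAN port but claims a LAN source
    cannot be genuine, so it is dropped before any other rule runs.
    "pass" only means it survived this check, not that it is allowed in.
    """
    if iface == "wan" and ipaddress.ip_address(src) in LAN:
        return "drop"
    return "pass"


def host_verdict(src):
    """Host firewall with an assumed 'trust the local subnet' rule.

    It sees only the source address, not where the packet entered
    the network, so a spoofed LAN source looks the same as a real one.
    """
    return "trusted" if ipaddress.ip_address(src) in LAN else "untrusted"


def compare(packets=PACKETS):
    """Return (note, edge verdict, host verdict) for each sample packet."""
    return [(note, antispoof_verdict(iface, src), host_verdict(src))
            for iface, src, note in packets]


if __name__ == "__main__":
    for note, edge, host in compare():
        print(f"{note:40s} edge={edge:5s} host={host}")
```
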