In their great wisdom, the framers of IP allowed that one size might not
fit all and so allowed User Defined Protocols. They have their place but
IMNSHO, not across a firewall - if you need a 'wall, *by definition* you
must be able to control it. I have yet to find anything that I need
to do across a firewall that cannot be found within TCP except ICMP
(and am working on a proxy for that).
If am responsible for a gate, then am only going to allow things
that are understood across it and I am still learning. Does anyone out
there feel they know it all? The more learned, the more I find that is
not understood & UDPs are about as close to chaos as you can get.
To me, I want some justification before more than PING, SMTP, Telnet,
FTP, NNTP, and HTTP cross the 'wall and have usually been able to
give people a way to do what they want within this. Would rather
provide an authenticated dial-up to the user if more is needed. Personally
cannot think of any legitimate requirement for FINGER that cannot be
satisfied by a telephone call.
Am sorry if this is not a PC viewpoint and do not want to imply that
I am always happy with what is implemented. Just my opinion.
From: paul @ com (Paul Ferguson)