Lord knows I'm no fan of IP filtering but this is a straw man.
> bubble around your network. IP filtering relies on header information
> (src, port, dst, port, flags). My usual ACL example:
>
> "We do not allow any inbound connections EXCEPT SMTP"
> "We allow only XYZ.COM to connect to our telnet port"
>
> That would be a fair policy for many corporations.
No, it wouldn't. And it wouldn't be a fair policy with proxies, either. A
more likely arrangement would be "we allow outbound connections, and we
allow inbound SMTP and FTP connections to our public access server."