On Thu, 26 Jan 1995, Stephen Harold Goldstein wrote:
> I just got back from ComNet '95 in D.C., and heard some rather
> disturbing "info" from a firewall vendor who shall remain nameless.
> He claimed that some manufacturer's routers (wouldn't specify) will
> re-arrange the order in which ACL entries are processed for efficiency
> reasons, possibly leading to unintended results such as packets getting
> through that should have been blocked.
That is certainly the case with Telebit NetBlazers up through the
currently shipping version (2.3). I think there are also other charming
features like a (poorly documented) limit on the number of ports
specified in an ACL where if you specify more than that number, it
(silently) drops the additional ports.
Joe Matuscak
Rohrer Corporation
717 Seville Road
Wadsworth, Ohio 44281
(216)335-1541
Matuscak@Rohrer.com
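Added example, not part of the original thread and not Telebit code: the two failure modes discussed above (a router reordering first-match ACL entries, and an entry silently keeping only the first N ports) modelled in a small Python ACL evaluator, together with the check a practitioner would want: probe the box's actual decisions against the intended policy. The reordering heuristic, the port limit of 4, the addresses and the ports are all hypothetical and chosen only to show the effect.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dports: Tuple[int, ...] = ()  # destination ports; empty means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return not rule.dports or pkt.dport in rule.dports


def evaluate(acl: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match semantics: the first entry that matches decides."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return default


def reorder_for_efficiency(acl: List[Rule]) -> List[Rule]:
    """Hypothetical vendor 'optimization': entries without a port list are
    cheapest to test, so move them to the front (stable sort keeps the
    relative order of the rest). This breaks first-match intent."""
    return sorted(acl, key=lambda r: len(r.dports))


def load_with_port_limit(acl: List[Rule], max_ports: int) -> List[Rule]:
    """Hypothetical silent port limit: each entry keeps only its first
    max_ports ports and the rest vanish without any error."""
    return [replace(r, dports=r.dports[:max_ports]) for r in acl]


def find_discrepancies(intended, actual, probes, default="deny"):
    """Return (packet, intended decision, actual decision) for every probe
    where what the device does differs from what the policy says."""
    out = []
    for p in probes:
        want, got = evaluate(intended, p, default), evaluate(actual, p, default)
        if want != got:
            out.append((p, want, got))
    return out


# Constructed policy: block telnet, the r-services, lpd and X11 into
# 10.1.0.0/24, permit every other TCP connection to that net.
INTENDED_ACL = [
    Rule("deny", "tcp", "0.0.0.0/0", "10.1.0.0/24", (23, 512, 513, 514, 515, 6000)),
    Rule("permit", "tcp", "0.0.0.0/0", "10.1.0.0/24"),
]

# Constructed probe packets from an outside host.
PROBES = [
    Packet("tcp", "192.0.2.7", "10.1.0.5", 23),    # telnet: must be denied
    Packet("tcp", "192.0.2.7", "10.1.0.5", 6000),  # X11: must be denied
    Packet("tcp", "192.0.2.7", "10.1.0.5", 25),    # SMTP: should be permitted
]

if __name__ == "__main__":
    for name, acl in (("reordered", reorder_for_efficiency(INTENDED_ACL)),
                      ("port-limited", load_with_port_limit(INTENDED_ACL, 4))):
        for pkt, want, got in find_discrepancies(INTENDED_ACL, acl, PROBES):
            print(f"{name}: port {pkt.dport} intended {want}, device does {got}")
```

With the reordered list the permit-all entry is tested first, so telnet and X11 both get through; with the port limit only the first four ports survive, so X11 (6000) falls through to the permit entry while telnet is still blocked. Neither failure is visible in the configuration as you typed it, which is why the check compares observed decisions for a set of probe packets against the written policy rather than reading the config back.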