Picky, I know, but "Microsoft Windows doesn't support passive mode" is wrong. To the best of my knowledge it has always supported passive mode when browsing to an FTP URL, and XP, at least, supports the "quote PASV" command in the DOS FTP client.
Also in your example at the end of Page 1, you state that the firewall does NOT handle outbound UDP properly but your rules prevent inbound UDP packets, so DNS lookups (and any other 2-way UDP application) would fail.
Otherwise a good and useful article, thanks.
Link to this comment: http://www.securityfocus.com/comments/infocus/1867/601#601
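The UDP point raised in the comment above, as an added example that is not part of the article or the comment: a toy packet filter in Python that applies a rule set of "allow outbound UDP to port 53, drop all inbound UDP" once without any memory of earlier packets (stateless) and once with a table of outbound UDP flows (stateful). All addresses, ports and rules are constructed for illustration; the class and function names are this example's own.

```python
"""
Added example: why "drop all inbound UDP" breaks DNS on a firewall that
does not track outbound UDP flows. Packets, addresses and rules below
are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str    # "out" (LAN -> Internet) or "in" (Internet -> LAN)


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    action: str       # "allow" or "drop"
    dport: Optional[int] = None   # None matches any destination port


class StatelessFirewall:
    """First-match rule list; each packet is judged on its own."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def filter(self, pkt: Packet) -> str:
        for r in self.rules:
            if (r.direction == pkt.direction and r.proto == pkt.proto
                    and (r.dport is None or r.dport == pkt.dport)):
                return r.action
        return "drop"   # default deny


class StatefulFirewall(StatelessFirewall):
    """Same rules, plus a flow table: an inbound packet whose addresses and
    ports mirror an allowed outbound packet is accepted as its reply.
    (A real implementation would also age entries out; omitted here.)"""

    def __init__(self, rules: List[Rule]) -> None:
        super().__init__(rules)
        self.flows: Set[Tuple[str, str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        # Reply lookup: swap src/dst so the key matches the outbound entry.
        reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.direction == "in" and reply_key in self.flows:
            return "allow"
        action = super().filter(pkt)
        if action == "allow" and pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


# The rule set the comment describes: outbound DNS allowed, inbound UDP dropped.
RULES = [
    Rule("out", "udp", "allow", dport=53),
    Rule("in", "udp", "drop"),
]

# Constructed DNS round trip (RFC 5737 documentation addresses).
DNS_QUERY = Packet("udp", "192.0.2.10", 40123, "198.51.100.53", 53, "out")
DNS_REPLY = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40123, "in")
# Constructed unsolicited inbound packet that spoofs a DNS source port.
UNSOLICITED = Packet("udp", "203.0.113.7", 53, "192.0.2.10", 40123, "in")


def dns_lookup_outcome(fw: StatelessFirewall) -> Tuple[str, str]:
    """Return (query_action, reply_action) for one DNS lookup through fw."""
    return fw.filter(DNS_QUERY), fw.filter(DNS_REPLY)


def unsolicited_outcome(fw: StatelessFirewall) -> str:
    """Action taken on an inbound UDP packet that matches no outbound flow."""
    fw.filter(DNS_QUERY)          # open a legitimate flow first
    return fw.filter(UNSOLICITED)


if __name__ == "__main__":
    print("stateless:", dns_lookup_outcome(StatelessFirewall(RULES)))
    print("stateful: ", dns_lookup_outcome(StatefulFirewall(RULES)))
    print("unsolicited through stateful:", unsolicited_outcome(StatefulFirewall(RULES)))
```

With the stateless filter the query leaves but the reply is dropped, so the lookup times out; the stateful filter lets the matching reply in while still dropping an inbound UDP packet from a host the client never spoke to, which is the property a practitioner actually wants from "allow outbound UDP".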