On Mon, 09 Feb 2015 11:54:04 -0200, Patrick Tracanelli said:
> On a bridged firewall you can have the behavior you want, whatever it is.
> Passing packets with firewall is down, but the box still up.
Owen's point is that passing packets if the firewall is down is really poor security-wise. If you run in that configuration, I simply DoS your firewall (probably from one set of IP addresses), and then once it has fallen over and is being bypassed, I send my *real* malicious traffic from some other IP address, totally uninspected and unhindered. Much hilarity, hijinks, and pwnage ensues.