Firewall Requirements
Some of the services/protocols can be blocked with existing router ACLs, e.g.
- nfs, r*, NT networking, telnet into BSD
Allowing some services/protocols (ftp, sql*net) requires statefulness
- i.e. a connection is opened on a well-known port, then data flows on ephemeral ports, so when we see the well-known port, open up ephemeral ports for the duration of the session
- we do not currently have a device that can do this
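
Added example (not part of the original notes, and not any product's code): a small Python model of the stateful behaviour described above for ftp. It watches the control connection on port 21 and opens a pinhole only for the data port negotiated there. The class and method names are hypothetical, and the refusal of ports below 1024 and of addresses other than the session's own endpoints are assumptions of this sketch.

```python
import re

# RFC 959: PORT commands and 227 (PASV) replies carry h1,h2,h3,h4,p1,p2.
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
FTP_CONTROL_PORT = 21  # the well-known port


def parse_hostport(text):
    """Return (ip, port) from an FTP host-port string, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpStateTable:
    """Hypothetical state table: pinholes exist only while the control session does."""

    def __init__(self):
        self.sessions = {}  # (client, server) -> set of (src, dst, dst_port)

    def control_line(self, client, server, from_client, line):
        """Inspect one line observed on the control connection."""
        holes = self.sessions.setdefault((client, server), set())
        hp = parse_hostport(line)
        if hp is None or hp[1] < 1024:  # assumption: never open privileged ports
            return
        if from_client and line.upper().startswith("PORT ") and hp[0] == client:
            holes.add((server, client, hp[1]))  # active: server connects back
        elif not from_client and line.startswith("227 ") and hp[0] == server:
            holes.add((client, server, hp[1]))  # passive: client connects out

    def close_session(self, client, server):
        """Control connection ended: drop every pinhole it opened."""
        self.sessions.pop((client, server), None)

    def allow(self, src, dst, dst_port):
        """Decide whether a new TCP connection may pass."""
        if dst_port == FTP_CONTROL_PORT:
            return True  # assumption: policy permits FTP control connections
        return any((src, dst, dst_port) in h for h in self.sessions.values())
```

A static router ACL cannot express this, because the data port is only known after reading the control channel.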