On Thu, Jul 12, 2001 at 12:13:08PM -0400, Brian Hechinger wrote:
> also keep in mind that a lot of "services" have learned to work on port 80 to
> get through firewalls like this, so an HTTP proxy is not a bad idea either.

Not only that, but many of them will even be able to tunnel straight
through an HTTP proxy.

Blocking these services is more difficult than it at first seems.

I suggest searching the archives for the 'firewalls' mailing list, as
this topic has been discussed there repeatedly:

http://pluto.gnac.com/firewalls/

HTH.