On 21.05.14 16:58, Philip Homburg wrote:
...
I'm curious what this firewall is trying to do. If it allows unrestricted outbound connectivity over ssh, but not ssh on port 443, what is that rule trying to protect?
That is all an interesting discussion but not all that useful. Our decision to use 443 comes from our experience/expectation that 443 is more permeable than 22. However the protocol we are running "belongs" on 22 and it is somewhat silly to not use that port when it is in fact usable. So I think it is a reasonable request to use 22 when available.

Again: the relative priority of this is another question that depends on the number of cases where 22 works and 443 does not. Currently I would not expect this to happen often. But that may change as middle box silliness increases. So I suggest again to put it on the list of requests with low priority.

Daniel