NO. "Egress filtering" is making sure that traffic that leaves your network borders meets some basic sanity checks. Most commonly, that it carries source addresses that indicate that it originated inside your perimeter, so you know none of your users are spoofing randomly. [This doesn't actually help much if one user is trying to spoof to look like another, but (a) most spoofers won't even try that, and (b) you probably have access to MAC addresses and can determine that that is happening.] A firewall is a (any) device that enforces network policy by blocking traffic that violates policy, and (preferably) provides log information indicating that it has done so. There's no inherent directionality to this definition. David Gillett On 9 Jun 2001, at 1:10, Zachary Uram wrote: > what is egress filtering? > ingress filtering is a firewall yes? - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]