Iljitsch -
I believe this is fairly common when third party consultants/vendors need access to a network. I've had customers open holes in their firewalls so I could connect to their routers on more than a few occassions in my consulting days.
This indeed seems like a common case; thanks for sharing. Having said that, the negative consequences of the questionable firewall entries depend a little bit on the lifetime of those entries. In the case you are describing, the firewall entries are probably of temporary lifetime only. This reduces the likelihood for them to be affected by renumbering of the consultant/vendor's network. Of course, one could image situations similar to the one you are describing where the firewall entries have longer lifetime. - Christian -- to unsubscribe send a message to rrg-request@psg.com with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg