Re: question about SPF (mr Meskes, I suppose?)
On Wed, Mar 22, 2000 at 01:23:35PM +0100, Tamas TEVESZ wrote:
> just one remark. the only thing everyone seemed to forget to mention
> is that filtering udp packets is [simple?] packet filtering, not
> stateful packet filtering, as udp is stateless by nature.
Yes, udp is stateless, but we are talking about a stateful filter i.e. a
firewall that keeps track of all open connections and enables packets to get
in if and only if a connections was initiated from the inside.
And this works for udp as well. For instance my spf sets up a rule everytime
I query a name server. But if I do not do that no udp packet from port 53 on
the internet may enter.
Michael
--
Michael Meskes | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire!
Tel.: (+49) 2431/72651 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De | Use PostgreSQL!
Reply to: