
Re: A question to ask.



There is a simple solution if you are using ipchains.  You have to filter on the
ACK or SYN bit in addition to the port.  (Most Novell and NT-based firewalls use
the ACK bit; ipchains uses the SYN bit).  Basically the first packet in an IP
conversation always has the SYN bit set and the ACK bit cleared.  Subsequent
packets in that same conversation all have the ACK bit set and the SYN bit
cleared.

What you need are rules in the firewall that do the following:

Inbound:  Accept TCP packets on port 80 that have the SYN flag cleared
Outbound: Accept TCP packets on port 80 regardless of the state of the SYN flag

Take a look in the ipchains howto for the syntax (and a better explanation of
the above).

Harry Penner             Linux newbie
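The two rules described in the reply above, written out as ipchains commands. This is an added example, not code from the list post; it assumes the external interface is eth0 and that the box itself runs no web server. The second function mirrors the `-y` test so the flag semantics can be checked offline.

```shell
#!/bin/sh
# Added example (not from the list post): ipchains rules that allow outbound
# HTTP while refusing inbound HTTP connections, keyed on the SYN flag.
# Assumes the external interface is eth0 (an assumption, not from the post).
EXT_IF="${EXT_IF:-eth0}"

# Emit the rules instead of running them so they can be reviewed first;
# apply with:  http_rules | sh
http_rules() {
    # Outbound: our own connections to remote web servers, any SYN state.
    echo "ipchains -A output -i $EXT_IF -p tcp -d 0/0 80 -j ACCEPT"
    # Inbound: only replies from remote port 80 to our unprivileged ports
    # that are not a bare SYN (! -y).  A server's SYN-ACK passes this test
    # because -y also requires ACK to be cleared.
    echo "ipchains -A input -i $EXT_IF -p tcp -s 0/0 80 -d 0/0 1024: ! -y -j ACCEPT"
    # Inbound: a fresh connection attempt to our port 80 (bare SYN) is
    # denied and logged, so nothing reaches a web server on this box.
    echo "ipchains -A input -i $EXT_IF -p tcp -d 0/0 80 -y -j DENY -l"
}

# Mirror of the ipchains -y test, for reasoning about which packets each
# rule sees: it matches only when SYN is set and both ACK and FIN are clear.
# $1 is a comma-separated flag list such as "SYN" or "SYN,ACK".
syn_only() {
    case ",$1," in
        *,SYN,*)
            case ",$1," in
                *,ACK,*|*,FIN,*) return 1 ;;
                *) return 0 ;;
            esac ;;
        *) return 1 ;;
    esac
}
```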




Alex Dukat <dukat@cis.ohio-state.edu> on 06/08/99 08:31:20 PM

To:   Debian Firewall <debian-firewall@lists.debian.org>
cc:    (bcc: Harry Penner/JSI)

Subject:  A question to ask.




I have a simple firewall at home for my own personal use.  It is the same
computer I use for the day to day tasks.  I am using a 2.2 kernel and
would like to know of a simple solution to say allow me to use http
outbound, but not allow anyone access it coming in.  Can this be done or
do I have to just allow traffic both ways?  I already have a solution in
place of allowing traffic both ways, but am interested in if there is a
more secure way.  Thanks

Alex

