Re: TCP question

On Mon, 13 Mar 2000, Michael Meskes wrote:

 > I'm currently working on the next version of the stateful packet filter
 > (spf) that I packaged for Debian. This program has an option
 > ALLOW_ESTABLISHED_TCP that is enabled by default and I wonder if this really
 > is a good idea.
 > What this option does is allow all packets that are part of an established
 > TCP connection. Or in other words the input chain has an ACCEPT rule that
 > lists neither source nor destination address but only asks for the SYN bit
 > not set.

excuse me ?

am i understanding right that this allows the inbound side of
(claimed to be) established connections _that do not have an entry in
the state table_ ? (ie. never been ``initialized'' properly, at
least without the fw putting an entry in the state table?)

if it's so, then, imho, it's crap. if not, then either the fw has some
serious problems (connections made through it and it does not know
about), or i don't get the whole picture at all...

kazmer at any cost !
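Added illustration (not part of this thread and not spf's own code): a small Python model of the two policies under discussion, an input rule that accepts any TCP segment with the SYN bit clear versus one that accepts only segments matching a connection the filter itself saw opened. The segment layout and the simplified state table are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

class SynBitOnlyFilter:
    """ALLOW_ESTABLISHED_TCP as the quoted mail describes it: the input
    chain ACCEPTs any TCP segment whose SYN bit is clear, with no
    address match and no lookup in a state table."""
    def outbound(self, seg):
        pass  # nothing is recorded about connections opened from inside

    def inbound(self, seg):
        return not seg.syn

class StateTableFilter:
    """Simplified stateful policy (an assumption for this example, not
    spf's real table): an inbound segment is accepted only if it belongs
    to a connection this filter saw being opened from the inside."""
    def __init__(self):
        self.table = set()

    def outbound(self, seg):
        if seg.syn and not seg.ack:  # initial SYN leaving the network
            self.table.add((seg.dst, seg.dport, seg.src, seg.sport))

    def inbound(self, seg):
        return (seg.src, seg.sport, seg.dst, seg.dport) in self.table

def run_scenario(fw):
    """Constructed traffic: one connection opened from inside, followed by
    an inbound non-SYN segment from a host the filter has never seen.
    Returns the filter's verdict on each inbound segment."""
    inside, server, stranger = "10.0.0.5", "192.0.2.10", "198.51.100.7"
    fw.outbound(Segment(inside, 40000, server, 80, syn=True, ack=False))
    legit_ack = Segment(server, 80, inside, 40000, syn=False, ack=True)
    stray_ack = Segment(stranger, 1234, inside, 22, syn=False, ack=True)
    return {"legit": fw.inbound(legit_ack), "stray": fw.inbound(stray_ack)}

if __name__ == "__main__":
    print("SYN-bit-only:", run_scenario(SynBitOnlyFilter()))  # stray is True
    print("state table :", run_scenario(StateTableFilter()))  # stray is False
```

The difference in the "stray" verdict is exactly the concern raised above: without a state-table check, a non-SYN segment from an unknown host is treated as part of an established connection.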

