[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: question about SPF (mr Meskes, I suppose?)

On Wed, Mar 22, 2000 at 01:23:35PM +0100, Tamas TEVESZ wrote:
> just one remark. the only thing everyone seemed to forget to mention
> is that filtering udp packets is [simple?] packet filtering, not
> stateful packet filtering, as udp is stateless by nature.

Yes, udp is stateless, but we are talking about a stateful filter i.e. a
firewall that keeps track of all open connections and enables packets to get
in if and only if a connections was initiated from the inside.

And this works for udp as well. For instance my spf sets up a rule everytime
I query a name server. But if I do not do that no udp packet from port 53 on
the internet may enter.

Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!

Reply to: