Re: NetFilter connection tracking
On Tuesday 19 November 2002 07:04, you wrote:
> If it is a client machine and has a default DROP policy on
> incoming packets, then ALLOW packets associated with open
> connections. You probably don't need any other special
> rules. Just set up policies to allow OUTPUT packets on the
> ports you want. Only associated packets will be accepted IN.

Thanks for the feedback. All I am still a little worried about is what
are associated packets, I guess. So suppose I initiate a non-anonymous
FTP session, I've seen that generate ident packets. Are these
associated? Similar worries about other protocols.
--
Olaf Meeuwissen
GnuPG key: 91114EAF/C3E1 2D40 C7CC AEB2 FB15 8BDF 60C2 5B3F 9111 4EAF
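
Added illustration, not part of the original message and not netfilter's code: a simplified model of how a stateful filter with the policy from the quoted advice (default DROP inbound, accept packets associated with open connections) classifies the packets of an active-mode FTP session, including the server's ident probe to port 113. The `Tracker` class, addresses and ports are constructed for the example.

```python
import re

# Simplified model, not netfilter's code; addresses/ports are constructed.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
PORT_CMD = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

class Tracker:
    """Client-side policy: accept all outbound, inbound only if not NEW."""
    def __init__(self, ftp_helper=True):
        self.flows = set()       # accepted connections, direction-free
        self.expected = set()    # (src_ip, dst_ip, dst_port) set by helper
        self.ftp_helper = ftp_helper

    def packet(self, src, sport, dst, dport, payload=b""):
        key = frozenset([(src, sport), (dst, dport)])
        if key in self.flows:
            state = "ESTABLISHED"
        elif (src, dst, dport) in self.expected:
            state = "RELATED"    # announced inside a tracked connection
        else:
            state = "NEW"
        outbound = src == CLIENT
        verdict = "ACCEPT" if outbound or state != "NEW" else "DROP"
        if verdict == "ACCEPT":
            self.flows.add(key)
            self.expected.discard((src, dst, dport))
        # FTP helper: a PORT command on the control channel announces the
        # address the server will connect back to for active-mode data.
        m = PORT_CMD.search(payload)
        if self.ftp_helper and outbound and dport == 21 and m:
            ip = ".".join(g.decode() for g in m.groups()[:4])
            port = int(m.group(5)) * 256 + int(m.group(6))
            self.expected.add((dst, ip, port))
        return state, verdict

def ftp_session(ftp_helper=True):
    t = Tracker(ftp_helper)
    return {
        "control SYN":   t.packet(CLIENT, 40000, SERVER, 21),
        "control reply": t.packet(SERVER, 21, CLIENT, 40000),
        "ident probe":   t.packet(SERVER, 50113, CLIENT, 113),
        "PORT command":  t.packet(CLIENT, 40000, SERVER, 21,
                                  b"PORT 192,0,2,10,156,65\r\n"),
        "active data":   t.packet(SERVER, 20, CLIENT, 40001),
    }

if __name__ == "__main__":
    for name, result in ftp_session().items():
        print(f"{name:14} {result}")
```

In this model the ident probe is a separate inbound connection that nothing on the control channel announced, so it is NEW and falls to the DROP policy, while the active-mode data connection is RELATED only when the FTP helper is enabled.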