Daniel Pittman wrote:
> ...
>>So, probably, the best way to go is allowing the R/E packets alongside their
>>"new state" counterparts. It also clarifies where the packets are accepted
>>and WHY. Also, "iptables -v" should be a lot more useful than before.
>
>
> That was my point, basically. Thanks for actually saying it in a clear
> and comprehensible fashion.

Daniel, would you mind showing me an example of what you think is a
wise/correct/whatever use of R/E rules? The reason I'm trying to work
through all of this is that I'm a Shorewall developer and would like to
make sure it works in a way that makes security sense to other firewall
users.

--
Paul
<http://paulgear.webhop.net>
--
Did you know? Using Microsoft Internet Explorer can make your computer
less secure. Find out more at <http://browsehappy.com>.