
Re: firewall question



For an example of an iptables implementation, see:
http://damyen.technion.ac.il/~dani/fw-adsl.sh
Dani

On Tue, 11 Sep 2001, Ira Abramov wrote:

> On Tue, 11 Sep 2001, Nadav Har'El wrote:
>
> > In iptables (the newer 2.4 firewall mechanism) this is not so: the same
> > rule with the necessary syntax changes,
> > 	-A OUTPUT -p TCP --dport whois --sport 1024: -j ACCEPT
> > 	-A INPUT -p TCP ! --syn --sport whois --dport 1024: -j ACCEPT
> > will not be applied to forwarded packets at all.
>
> then what's the point in stateful inspection? :-))))
>
> I'm sure you meant well, but the above example would have flunked you in
> iptables 101.
>
> --
> The man with the golden bun
> Ira Abramov
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
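
An added illustration for the thread above (not code from any of the posters, nor from the linked fw-adsl.sh): the quoted whois rules written with connection tracking, plus the separate FORWARD rules a router needs because INPUT and OUTPUT only see locally terminated or locally generated packets. The interface names, the `whois_rules` and `show` helpers, and the assumption that all three chains already have a DROP policy are mine.

```shell
#!/bin/sh
# Added example. Assumes the INPUT, OUTPUT and FORWARD policies are already DROP.
LAN_IF="${LAN_IF:-eth0}"   # assumed inside interface
WAN_IF="${WAN_IF:-ppp0}"   # assumed outside interface
WHOIS=43                   # numeric port for the "whois" service name

# Dry-run helper: print the command instead of loading the rule.
show() { printf 'iptables %s\n' "$*"; }

# whois_rules CMD: issue every rule through CMD (default: the real iptables).
whois_rules() {
    ipt="${1:-iptables}"

    # Firewall host itself: outbound queries may open a connection,
    # inbound packets are accepted only for a connection already tracked.
    # This replaces the stateless "! --syn" test with a state match
    # ("-m state --state" is the older spelling of the same match).
    "$ipt" -A OUTPUT -o "$WAN_IF" -p tcp --sport 1024: --dport "$WHOIS" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    "$ipt" -A INPUT -i "$WAN_IF" -p tcp --sport "$WHOIS" --dport 1024: \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Hosts behind the firewall: routed packets traverse FORWARD only,
    # so the two rules above never match them.
    "$ipt" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --sport 1024: \
        --dport "$WHOIS" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    "$ipt" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp --sport "$WHOIS" \
        --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Print the rules by default; load them only when asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    whois_rules iptables
else
    whois_rules show
fi
```
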

