Re: enhanced firewall features
Erez Doron wrote:
> I have an idea, but do not know how to implement it
> or if it is already implemented.
>
> the idea is: the ability to add a firewall rule, that will
> watch the outgoing-packet's port, and for some time
> allow connections to those ports from outside.
>
> for tcp it is not needed because ipfwadm -k
> causes the same results (though not in the same way)
>
> but it is good for udp, this will let one accept
> only udp connections that were initiated from inside
>
> is this implemented ?
Not specifically.
> how do I access the kernel developers to talk to them about
> this idea ?
It doesn't necessarily require implementation within the kernel. One
option would be to enable logging (ipfwadm ... -o) of outbound UDP
packets, and have a process which monitors the output and manipulates
the firewall rules appropriately.
--
Glynn Clements <glynn@sensei.co.uk>
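
A sketch of the monitoring process suggested in the reply above, as an added example that is not part of the original message: it reads logged outbound UDP packets and produces the ipfwadm argument lists that open, and later withdraw, the matching inbound reply rule. The log line pattern, the `UdpReplyTracker` name and the 30-second lifetime are assumptions.

```python
import ipaddress
import re

# ASSUMED log shape for packets matched by an "ipfwadm -O ... -o" rule;
# compare with your own syslog output before relying on this pattern.
LOG_RE = re.compile(r"IP fw-out \S+ \S+ UDP "
                    r"([\d.]+):(\d+) ([\d.]+):(\d+)")


class UdpReplyTracker:
    """Tracks outbound UDP flows and yields ipfwadm argv lists for replies."""

    def __init__(self, ttl=30):
        self.ttl = ttl        # seconds a reply rule stays open (hypothetical default)
        self.expiry = {}      # (inside, iport, remote, rport) -> expiry time

    @staticmethod
    def _rule(flag, flow):
        inside, iport, remote, rport = flow
        # Reply direction: the remote end is the source, the inside host the destination.
        return ["ipfwadm", "-I", flag, "accept", "-P", "udp",
                "-S", f"{remote}/32", str(rport),
                "-D", f"{inside}/32", str(iport)]

    def observe(self, line, now):
        """Feed one log line; returns an 'append rule' argv for a new flow, else None."""
        m = LOG_RE.search(line)
        if not m:
            return None
        try:
            inside, remote = (str(ipaddress.IPv4Address(m.group(i))) for i in (1, 3))
        except ipaddress.AddressValueError:
            return None       # malformed address: never turn it into a rule
        iport, rport = int(m.group(2)), int(m.group(4))
        if not (0 < iport < 65536 and 0 < rport < 65536):
            return None
        flow = (inside, iport, remote, rport)
        is_new = flow not in self.expiry
        self.expiry[flow] = now + self.ttl   # repeat traffic only refreshes the timer
        return self._rule("-a", flow) if is_new else None

    def expire(self, now):
        """Returns 'delete rule' argv lists for flows idle longer than ttl."""
        dead = [f for f, t in self.expiry.items() if t <= now]
        for f in dead:
            del self.expiry[f]
        return [self._rule("-d", f) for f in dead]
```

The argument lists are meant to be passed to the program directly rather than through a shell, so nothing taken from the log is ever interpreted as a command. Because the rule is installed only after the outbound packet has been logged, a very fast reply can arrive before the rule exists and be dropped.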