
List:       ipfilter
Subject:    firewall and the feedback from a server
From:       "cadu aranha" <oxyopes () googlemail ! com>
Date:       2007-05-07 16:31:58
Message-ID: 98aa46640705070931m30ab0907gee5f521495509f98 () mail ! gmail ! com

Hello people,
I want to understand how IP FILTER deals with the feedback
of a certain server, requested for a job.
For example, I connect through SSH from A to B (port B:22).
From B I send the X11 to A (port A:6010).
My IPFilter config at A has no explicit rule allowing in B at port 6010,
but only allows out SSH to B. However, I can get X11 from B through
the procedure above.
However, I don't know which mechanism controls that, and how
standard this opening of ports for the server's feedback is.
Maybe in other applications it would not work.
Another example:
I am trying to allow my desktop to print to a network printer with the
following rules:

pass out quick on rl0 proto tcp from $MyIP to $printerIP port = 515 flags S keep state
pass in quick on rl0 proto tcp from $printerIP to $MyIP flags S keep state

How could I do that better?
When do I have to add an explicit rule to open for the feedback connection
of a server?
A general explanation of how these feedback controls work would be appreciated.
Thanks in advance.
[]s