
List:       ipfilter
Subject:    keep state
From:       John Wojtowicz <wojtowij () tcs-sec ! com>
Date:       1999-05-27 10:16:07

Just attempting to verify something that I think is correct:

given two separate rulesets:


1).

block in all
block out all

pass out tcp any port > 1023 to any port = 25 keep state


2).

block in all
block out all

pass out tcp any port > 1023 to any port = 25
pass in tcp any port = 25 to any port > 1023 flags A/A



Is 1. a valid substitute for 2. if you're concerned about sequence,
as well as only allowing outgoing connections?  Is there any reason
NOT to use 1. rather than 2.?

John
--
John Wojtowicz, Secure Systems Engr.  ph:    (703) 318-7134
Trusted Computer Solutions, Inc.      fax:   (703) 318-5041
13873 Park Center Rd. Suite 225       email: jwojtowicz@tcs-sec.com
Herndon, VA  20171                    http://www.tcs-sec.com/
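An added illustration of the difference between the two rulesets in the question (this is editor-supplied model code, not the poster's and not ipfilter's own code): it simulates the stateless "flags A/A" reply rule of ruleset 2 next to a "keep state" table in the spirit of ruleset 1 and runs both over a constructed packet sequence. The addresses, ports and the Packet/StatefulFilter names are made up for the example. The model tracks only the address/port 4-tuple; a real ipfilter state entry also checks TCP sequence numbers against the tracked window, which is not attempted here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" relative to the firewall host
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags as letters, e.g. "S", "SA", "A"


def outbound_smtp(pkt):
    # The "pass out" rule shared by both rulesets: high source port to port 25
    return pkt.direction == "out" and pkt.sport > 1023 and pkt.dport == 25


def stateless_verdict(pkt):
    """Ruleset 2: the reply rule only inspects the packet in front of it."""
    if outbound_smtp(pkt):
        return "pass"
    if (pkt.direction == "in" and pkt.sport == 25 and pkt.dport > 1023
            and "A" in pkt.flags):        # flags A/A: ACK bit must be set
        return "pass"
    return "block"


class StatefulFilter:
    """Ruleset 1 (simplified): 'keep state' records each permitted outbound
    flow and admits an inbound packet only when it matches a recorded flow
    with source and destination swapped."""

    def __init__(self):
        self.flows = set()

    def verdict(self, pkt):
        if outbound_smtp(pkt):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "pass"
        if pkt.direction == "in":
            reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reverse in self.flows:
                return "pass"
        return "block"


# Constructed traffic: one genuine SMTP session, then two unsolicited
# inbound packets from a host we never talked to (addresses are made up).
TRAFFIC = [
    Packet("out", "10.0.0.5", 40000, "192.0.2.25", 25, "S"),    # our SYN to the mail server
    Packet("in", "192.0.2.25", 25, "10.0.0.5", 40000, "SA"),    # its SYN/ACK reply
    Packet("in", "198.51.100.9", 25, "10.0.0.5", 31337, "A"),   # unsolicited ACK, no matching flow
    Packet("in", "198.51.100.9", 25, "10.0.0.5", 31337, "S"),   # unsolicited SYN, no ACK bit
]


def compare(traffic=TRAFFIC):
    """Return (stateless, stateful) verdicts for each packet in order."""
    sf = StatefulFilter()
    return [(stateless_verdict(p), sf.verdict(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, compare()):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"flags={pkt.flags:2}  ruleset2={stateless:5}  ruleset1={stateful}")
```

The third packet is where the two rulesets diverge: the ACK-only rule of ruleset 2 passes any inbound packet from port 25 with the ACK bit set, whether or not a connection exists, while the state table only admits packets that belong to a flow it saw opened from the inside. The fourth packet (SYN without ACK) is blocked by both, which is the case the "flags A/A" rule was written for.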
