nanog mailing list archives
Re: I don't need no stinking firewall!
From: Jay Hennigan <jay () west net>
Date: Tue, 05 Jan 2010 13:18:47 -0800
Jason Shearer wrote:
> Doesn't using the established allow any packet with ACK/RST set
Yes, as would be expected for legitimate return traffic for a TCP connection initiated from a browser inside the firewall.
> and wouldn't you have to allow all high ports?
That's what the ">" is for. Cisco syntax "gt" (greater than).
The point is that either of these will deny unsolicited new connection attempts from the outside to TCP 22 (and 445, 135, etc.)
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay () impulse net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
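The filtering behaviour discussed in the message above, as an added example that is not part of the original post: a small Python model of two stateless inbound rules, one matching like Cisco's "established" keyword (ACK or RST set) and one like "gt" on the destination port. The ACL lines the thread refers to are not on this page, so the rule forms, the port threshold 1023, the sample segments and all names are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Inbound TCP segment as a stateless filter sees it (constructed sample)."""
    dst_port: int
    flags: frozenset  # TCP flag names, e.g. frozenset({"SYN"})


def permit_established(seg):
    # "established" looks only at header bits: ACK or RST set.
    # No connection table is consulted.
    return bool(seg.flags & {"ACK", "RST"})


def permit_gt(seg, port=1023):
    # "gt <port>": destination port strictly greater than <port>.
    # 1023 is an assumed value; the thread's ACL is not shown on this page.
    return seg.dst_port > port


def evaluate(seg):
    """Verdict of each single-rule inbound ACL (anything unmatched is denied)."""
    return {"established": permit_established(seg), "gt": permit_gt(seg)}


# Constructed inbound segments arriving on the outside interface.
SAMPLES = {
    "new SYN to 22": Segment(22, frozenset({"SYN"})),
    "new SYN to 445": Segment(445, frozenset({"SYN"})),
    "SYN+ACK reply to 51515": Segment(51515, frozenset({"SYN", "ACK"})),
    "bare ACK to 22": Segment(22, frozenset({"ACK"})),
    "new SYN to 8080": Segment(8080, frozenset({"SYN"})),
}


def report():
    return {name: evaluate(seg) for name, seg in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in report().items():
        print(f"{name:24} established={v['established']!s:5} gt={v['gt']}")
```

Both rules drop a new SYN to 22 or 445 and pass the SYN+ACK reply to a high port. They differ on the other two samples: the bare ACK to 22 matches "established" on header bits alone, and the SYN to 8080 matches "gt".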