nanog mailing list archives
Re: I don't need no stinking firewall!
From: Henry Yen <henry () AegisInfoSys com>
Date: Mon, 11 Jan 2010 15:52:05 -0500
On Thu, Jan 07, 2010 at 22:55:25PM -0800, Jay Hennigan wrote:
> Nenad Andric wrote:
>> On Tue Jan 05, 2010 at 01:04:01PM -0800, Jay Hennigan <jay () west net> wrote:
>>> Or better:
>>> - Allow from anywhere port 80 to server port > 1023 established
>>
>> Adding "established" brings us back to stateful firewall!
>
> Not really. It only looks to see if the ACK or RST bits are set. This is
> different from a stateful firewall which memorizes each outbound packet and
> checks the return for a match source/destination/sequence.

That's (cisco) reflexive access lists.

--
Henry Yen                                      Aegis Information Systems, Inc.
Senior Systems Programmer                      Hicksville, New York
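The distinction drawn in this message, as an added example that is not part of the original post: a stateless "established" match that only tests the ACK/RST bits, next to a simplified flow-table filter that remembers outbound connections. The `Pkt` class, function names and documentation-range addresses are constructed for illustration, and the flow table omits the sequence-number check mentioned in the quote.

```python
from dataclasses import dataclass

# TCP flag bits as defined in the TCP header
ACK, RST, SYN = 0x10, 0x04, 0x02

@dataclass(frozen=True)
class Pkt:  # hypothetical minimal packet model for this example
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def acl_established(p: Pkt) -> bool:
    """Stateless rule from the thread: source port 80, destination port > 1023,
    and ACK or RST set. It keeps no memory of earlier packets."""
    return p.sport == 80 and p.dport > 1023 and bool(p.flags & (ACK | RST))

class StatefulFilter:
    """Simplified flow tracking: remember each outbound flow and admit only
    inbound packets that mirror a remembered flow (no sequence checking)."""
    def __init__(self):
        self.flows = set()

    def outbound(self, p: Pkt) -> None:
        self.flows.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p: Pkt) -> bool:
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def compare():
    """Return {label: (stateless_verdict, stateful_verdict)} for constructed packets."""
    fw = StatefulFilter()
    # The inside host opens one connection to a web server.
    fw.outbound(Pkt("192.0.2.10", 40000, "198.51.100.5", 80, SYN))
    samples = {
        "reply to our SYN": Pkt("198.51.100.5", 80, "192.0.2.10", 40000, SYN | ACK),
        "unsolicited ACK": Pkt("203.0.113.9", 80, "192.0.2.10", 40001, ACK),
        "inbound bare SYN": Pkt("203.0.113.9", 80, "192.0.2.10", 40001, SYN),
    }
    return {name: (acl_established(p), fw.inbound(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, (acl, stateful) in compare().items():
        print(f"{name:18} established-ACL={acl!s:5} stateful={stateful}")
```

The middle row is the case to audit for: a packet with ACK set that matches no outbound flow passes the bit test but not the flow table.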