Bugtraq mailing list archives
Fwd: Re: Fwd: Re: explanation and code for stream.c issues
From: yardley () UIUC EDU (Tim Yardley)
Date: Fri, 21 Jan 2000 18:52:54 -0600
The rulesets that were suggested by Darren Reed forgot to include the outgoing connections. These are the updated rulesets...

    block in quick proto tcp from any to any head 100
    pass in quick proto tcp from any to any flags S keep state group 100
    pass out proto tcp from any to any flags S keep state
    pass in all

Brian Kraemer <kraemer () u washington edu> pointed this out with the following paragraph:

:: FYI this ruleset (with no other rules applied) will also effectively block
:: any outgoing TCP sessions initiated from this machine. The machine will
:: send a SYN, and then get blocked because the input rules never saw an
:: incoming SYN to start keeping state.

Thus, the ruleset should be revised.

/tmy

-- Diving into infinity my consciousness expands in inverse proportion to my distance from singularity
+-------- ------- ------ ----- ---- --- -- ------ --------+
| Tim Yardley (yardley () uiuc edu)
| http://www.students.uiuc.edu/~yardley/
+-------- ------- ------ ----- ---- --- -- ------ --------+
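The effect described in the message above can be traced with a small model. This is an added example, not code from the post or from the filter itself. It assumes state is checked before the rules, a "quick" match ends evaluation, "flags S" matches a SYN-only segment, and unmatched packets pass. The addresses are constructed.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "direction src dst flags")

def rule(action, direction, flags=None, keep=False, quick=False, group=()):
    return dict(action=action, direction=direction, flags=flags,
                keep=keep, quick=quick, group=list(group))

# "block in quick ... head 100" with its group-100 member nested inside it.
HEAD = rule("block", "in", quick=True,
            group=[rule("pass", "in", flags={"S"}, keep=True, quick=True)])
ORIGINAL = [HEAD, rule("pass", "in")]                  # no outbound rule
REVISED = [HEAD, rule("pass", "out", flags={"S"}, keep=True),
           rule("pass", "in")]                         # ruleset from the post

def last_match(rules, pkt):
    """Return the deciding rule: last match wins, 'quick' stops the walk."""
    hit = None
    for r in rules:
        if r["direction"] != pkt.direction:
            continue
        if r["flags"] and r["flags"] != pkt.flags:
            continue
        hit = last_match(r["group"], pkt) or r   # a group match overrides its head
        if r["quick"]:
            break
    return hit

def verdict(rules, pkt, state):
    conn = frozenset((pkt.src, pkt.dst))
    if conn in state:                  # existing state passes either direction
        return "pass"
    hit = last_match(rules, pkt)
    if hit is None:
        return "pass"                  # assumed default when nothing matches
    if hit["action"] == "pass" and hit["keep"]:
        state.add(conn)
    return hit["action"]

def outbound_handshake(rules):
    """Local SYN going out, then the peer's SYN/ACK coming back in."""
    state, me, peer = set(), "10.0.0.5:40000", "192.0.2.10:80"
    syn = verdict(rules, Pkt("out", me, peer, {"S"}), state)
    synack = verdict(rules, Pkt("in", peer, me, {"S", "A"}), state)
    return syn, synack

def stateless_ack(rules):
    """Inbound ACK that belongs to no tracked connection."""
    pkt = Pkt("in", "198.51.100.7:1234", "10.0.0.5:80", {"A"})
    return verdict(rules, pkt, set())

if __name__ == "__main__":
    print("original:", outbound_handshake(ORIGINAL), stateless_ack(ORIGINAL))
    print("revised: ", outbound_handshake(REVISED), stateless_ack(REVISED))
```
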