Firewall Wizards mailing list archives
Re: SSL
From: teo () gecadsoftware com
Date: Wed, 17 Oct 2001 16:32:46 +0300
Hi Crumrine!
On Tue, 16 Oct 2001, Crumrine, Gary L wrote:
> Just a quick question on SSL. If I allow SSL outbound, and a user browses a web site that is corrupt with something harmful like NIMDA, is it possible that they will infect my network... and will the firewall not pass it along without checking?
If you allow SSL only for already established connection, I don't think so.
> If true, how can I combat this? Is there a product that will stop the packets and inspect them before being returned to the requester?
I guess, in terms of iptables if you add -m state --state ESTABLISHED,RELATED to accepted packets from outside then you are safe.
--
teodor
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
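What the `-m state --state ESTABLISHED,RELATED` match mentioned above decides on, as an added example that is not part of the original post: a simplified Python model of connection tracking (TCP only, RELATED not modelled; the class, addresses and payload bytes are constructed for illustration). The verdict depends on the flow tuple alone, so whatever a reply carries inside the SSL session is accepted unread, while unsolicited inbound traffic is dropped.

```python
# Simplified model of stateful filtering; not netfilter code.
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    direction: str          # "out" = LAN -> Internet, "in" = Internet -> LAN
    syn: bool = False
    payload: bytes = b""    # opaque ciphertext on port 443


class StatefulFilter:
    """Allow new outbound TCP/443; allow anything else only if ESTABLISHED."""

    def __init__(self):
        self.conntrack = set()  # flows keyed as (client, cport, server, sport)

    def state(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack:
            return "ESTABLISHED"
        return "NEW" if pkt.syn else "INVALID"

    def verdict(self, pkt):
        st = self.state(pkt)
        if pkt.direction == "out" and st == "NEW" and pkt.dport == 443:
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        if st == "ESTABLISHED":
            return "ACCEPT"     # tuple lookup only; pkt.payload is never read
        return "DROP"


def demo():
    fw = StatefulFilter()
    client, server = ("10.0.0.5", 40000), ("203.0.113.10", 443)  # constructed
    return {
        "outbound_syn": fw.verdict(Packet(*client, *server, "out", syn=True)),
        "reply_a": fw.verdict(Packet(*server, *client, "in", payload=b"\x17\x03\x01 page")),
        "reply_b": fw.verdict(Packet(*server, *client, "in", payload=b"\x17\x03\x01 other")),
        "unsolicited": fw.verdict(Packet("198.51.100.7", 443, *client, "in", syn=True)),
    }


if __name__ == "__main__":
    for name, v in demo().items():
        print(f"{name:14s} {v}")
```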