Re: Supper Firewall setup with IPFILTER and SNORT

[Phil Dibowitz <phil () ipom com>]

Damnit, hit the wrong button. As I was saying...

Jim here mentions more than one problem, and he's right, but *one* of
the problems I believe he is addressing is adding "flags S" to keep tcp
state rules. I've been hearing more and more reports that this isn't
necessary in the most recent versions of IPF. And while, if you have no
reason *NOT* to use it, it's probably a good idea anyway, if youhave
reasons to use it (like you want connections picked up in the middle
provided they come from inside) it *should* be possible these days to go
without the flags S on those rules. BUT they ARE (afaik) still certainly 
required for the return-rst rules.


--
Phil Dibowitz                             phil () ipom com
Freeware and Technical Pages              Insanity Palace of Metallica
http://home.earthlink.net/~jaymzh666/     http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 - Benjamin Franklin, 1759




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users