I don't need no stinking firewall!
Henry Yen
henry at AegisInfoSys.com
Mon Jan 11 20:52:05 UTC 2010
On Thu, Jan 07, 2010 at 22:55:25PM -0800, Jay Hennigan wrote:
> Nenad Andric wrote:
> > On Tue Jan 05, 2010 at 01:04:01PM -0800, Jay Hennigan <jay at west.net> wrote:
>
> >> Or better:
> >> - Allow from anywhere port 80 to server port > 1023 established
> >
> > Adding "established" brings us back to stateful firewall!
>
> Not really. It only looks to see if the ACK or RST bits are set. This
> is different from a stateful firewall which memorizes each outbound
> packet and checks the return for a match source/destination/sequence.
That's (cisco) reflexive access lists.
--
Henry Yen Aegis Information Systems, Inc.
Senior Systems Programmer Hicksville, New York
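
The distinction discussed in this thread, as an added example that is not part of the original message: a simplified Python model (not Cisco's implementation) of the `established` match next to a filter that remembers outbound flows. The addresses, ports and the names `established_acl` and `SessionFilter` are constructed for illustration, and the session model tracks addresses and ports only, not sequence numbers.

```python
from collections import namedtuple

# TCP flag bits as they appear in the TCP header
SYN, RST, ACK = 0x02, 0x04, 0x10

Pkt = namedtuple("Pkt", "src sport dst dport flags")

SERVER = "192.0.2.10"  # constructed address (documentation range)

def established_acl(pkt):
    """Stateless rule from the thread:
    allow from anywhere port 80 to server port > 1023 established.
    'established' is modelled as: ACK or RST bit set, nothing remembered."""
    return (pkt.dst == SERVER and pkt.sport == 80 and pkt.dport > 1023
            and bool(pkt.flags & (ACK | RST)))

class SessionFilter:
    """Remembers each outbound flow and permits only the mirrored return flow."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(outbound, inbound):
    """Return (stateless_verdict, session_verdict) for each inbound packet."""
    sf = SessionFilter()
    for p in outbound:
        sf.outbound(p)
    return [(established_acl(p), sf.inbound(p)) for p in inbound]

# Constructed traffic: the server opens one connection to a web host.
OUT = [Pkt(SERVER, 40000, "198.51.100.7", 80, SYN)]
IN = [
    Pkt("198.51.100.7", 80, SERVER, 40000, SYN | ACK),  # reply to the server's SYN
    Pkt("203.0.113.9", 80, SERVER, 40001, ACK),         # ACK set, no outbound flow
    Pkt("203.0.113.9", 80, SERVER, 40002, SYN),         # bare SYN
]
RESULTS = compare(OUT, IN)

if __name__ == "__main__":
    for pkt, (acl, sess) in zip(IN, RESULTS):
        print(f"{pkt.src}:{pkt.sport} flags={pkt.flags:#04x} "
              f"established={acl} session={sess}")
```

The second packet is where the two models differ: the flag check permits it, the flow table does not.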