how statefull firewall works for udp?

Blake Hudson blake at ispn.net
Fri Jan 21 13:40:33 CST 2011


These protocols have their own headers, as well as the IP header that
the firewall can use to maintain state. The difference between them and
TCP is that these protocols are connectionless. Thus, the firewall does
not know when the connection has closed. The typical solution to this is
to have an arbitrary (often user configurable) timer that allows the
firewall to remove old connections from the firewall's state table. A
similar process also occurs with TCP, albeit with a much longer timeout,
because of the possibility of connections not being closed correctly.

--Blake

-------- Original Message  --------
Subject: how statefull firewall works for udp?
From: Tarig Ahmed <tariq198487 at hotmail.com>
To: nanog at nanog.org list <nanog at nanog.org>, African Network Operators
<afnog at afnog.org>
Date: Friday, January 21, 2011 12:39:51 PM
> Dear All
> Hi
>
> Default configuration for statefull firewall is to allow traffic form
> TRUST ZONE to UNTRUST ZONE.
>
> As I Know those device will use some feilds in the TCP Header.
>
> But, how the firewall will handle this policy for none TCP traffics
> (udp, icmp, and IPsec)?
>
> I think understanding this will help me in the designing.
>
> Thanks
>





More information about the NANOG mailing list