Re: Interesting article about punching holes in firewalls...

NetFilter

Re: Interesting article about punching holes in firewalls...

To:	Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject:	Re: Interesting article about punching holes in firewalls...
From:	Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date:	Tue, 19 Dec 2006 12:46:54 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<Pine.LNX.4.64.0612191128180.11364@blackhole.kfki.hu>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization:	Plouf !
References:	<45860240.2040102@riverviewtech.net> <1166426813.8007.10.camel@anduril.intranet.cartel-securite.net> <4587B400.6080206@rtij.nl> <Pine.LNX.4.64.0612191128180.11364@blackhole.kfki.hu>
Sender:	netfilter-bounces@lists.netfilter.org
User-agent:	Mozilla Thunderbird 1.0.6 (Windows/20050716)

Jozsef Kadlecsik a écrit :

The article must be corrected at one place: the claim: "After anoutgoing SYN packet the firewall / NAT router will forward incomingpackets with suitable IP addresses and ports to the LAN even if they failto confirm, or confirm the wrong sequence number (ACK). Linux firewalls atleast, clearly fail to evaluate this information consistently." isoutdated and not true for 2.6 kernels.


For *recent* 2.6 kernels, with "recent" meaning 2.6.9 and above.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Interesting article about punching holes in firewalls..., Grant Taylor Re: Interesting article about punching holes in firewalls..., Martijn Lievaart Re: Interesting article about punching holes in firewalls..., Pascal Hambourg Re: Interesting article about punching holes in firewalls..., Cedric Blancher Re: Interesting article about punching holes in firewalls..., Martijn Lievaart Re: Interesting article about punching holes in firewalls..., Cedric Blancher Re: Interesting article about punching holes in firewalls..., Martijn Lievaart Re: Interesting article about punching holes in firewalls..., Cedric Blancher Re: Interesting article about punching holes in firewalls..., Jozsef Kadlecsik Re: Interesting article about punching holes in firewalls..., Pascal Hambourg <= Re: [LARTC] Interesting article about punching holes in firewalls..., Carl-Daniel Hailfinger Re: [LARTC] Interesting article about punching holes in firewalls..., Torsten Luettgert Re: [LARTC] Interesting article about punching holes in firewalls..., Stephen Hemminger

Previous by Date:	Re: Interesting article about punching holes in firewalls..., Jozsef Kadlecsik
Next by Date:	Generating pseudo-packets with netfilter, Dai MIKURUBE
Previous by Thread:	Re: Interesting article about punching holes in firewalls..., Jozsef Kadlecsik
Next by Thread:	Re: [LARTC] Interesting article about punching holes in firewalls..., Carl-Daniel Hailfinger
Indexes:	[Date] [Thread] [Top] [All Lists]