There is a simple solution if you are using ipchains. You have to filter on the ACK or SYN bit in addition to the port. (Most Novell and NT-based firewalls use the ACK bit; ipchains uses the SYN bit). Basically the first packet in an IP conversation always has the SYN bit set and the ACK bit cleared. Subsequent packets in that same conversation all have the ACK bit set and the SYN bit cleared.
What you need are rules in the firewall that do the following:

Inbound:  Accept TCP packets on port 80 that have the SYN flag cleared
Outbound: Accept TCP packets on port 80 regardless of the state of the SYN flag

Take a look in the ipchains howto for the syntax (and a better explanation of the above).

Harry Penner
Linux newbie


Alex Dukat <[EMAIL PROTECTED]> on 06/08/99 08:31:20 PM

To:      Debian Firewall <[email protected]>
cc:      (bcc: Harry Penner/JSI)
Subject: A question to ask.

I have a simple firewall at home for my own personal use. It is the same computer I use for the day-to-day tasks. I am using a 2.2 kernel and would like to know of a simple solution to, say, allow me to use http outbound, but not allow anyone to access it coming in. Can this be done or do I have to just allow traffic both ways? I already have a solution in place of allowing traffic both ways, but am interested in whether there is a more secure way.

Thanks
Alex
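The two rules from the reply above, written out as ipchains commands. This is an added example, not part of the list post. It assumes the outside interface is eth0 and the host address is 192.0.2.10 (a documentation placeholder; both can be overridden from the environment). In ipchains, -y matches TCP segments with SYN set and ACK and FIN clear, i.e. a connection opener, so "! -y" passes the web server's SYN/ACK and every later segment while still refusing anyone who tries to open a connection to the host, even from source port 80. The script only prints the rules; a small shell model of the same decision follows so the logic can be checked on a machine that has no 2.2 kernel or ipchains at all.

```shell
#!/bin/sh
# Added example (not from the list post): the ipchains rules for a single
# 2.2-kernel host that browses the web but must not accept web connections.
# Assumptions: outside interface eth0, host address 192.0.2.10 (placeholder).
# Override with EXTIF=... MYIP=... in the environment.
EXTIF=${EXTIF:-eth0}
MYIP=${MYIP:-192.0.2.10}
IPCHAINS=${IPCHAINS:-ipchains}

# Print the rules rather than running them, so they can be reviewed first.
http_rules() {
  # Outbound: from our unprivileged ports to any remote port 80, whatever the flags.
  echo "$IPCHAINS -A output -i $EXTIF -p tcp -s $MYIP 1024:65535 -d 0.0.0.0/0 80 -j ACCEPT"
  # Inbound: from remote port 80 back to our unprivileged ports, but never a bare
  # SYN ("! -y"), so nobody can open a connection to us even with source port 80.
  echo "$IPCHAINS -A input -i $EXTIF -p tcp ! -y -s 0.0.0.0/0 80 -d $MYIP 1024:65535 -j ACCEPT"
  # Inbound connection attempts to our own port 80: log (-l) and drop.
  echo "$IPCHAINS -A input -i $EXTIF -p tcp -y -s 0.0.0.0/0 -d $MYIP 80 -l -j DENY"
}

# --- A model of the same decision, usable without root or ipchains ---

# syn_only FLAGS: true when FLAGS (letters from S,A,F,P,R,U) would match ipchains -y,
# i.e. SYN set with ACK and FIN clear.
syn_only() {
  case "$1" in
    *A*|*F*) return 1 ;;   # ACK or FIN set: not a connection opener
    *S*)     return 0 ;;   # SYN set, ACK and FIN clear
    *)       return 1 ;;
  esac
}

# classify DIR FLAGS SPORT DPORT -> prints ACCEPT or DENY, mirroring http_rules.
# DIR is "out" (host -> net) or "in" (net -> host). Anything unmatched is DENY.
classify() {
  dir=$1; flags=$2; sport=$3; dport=$4
  case "$dir" in
    out)
      if [ "$dport" -eq 80 ] && [ "$sport" -ge 1024 ]; then echo ACCEPT; else echo DENY; fi ;;
    in)
      if [ "$sport" -eq 80 ] && [ "$dport" -ge 1024 ] && ! syn_only "$flags"; then
        echo ACCEPT
      else
        echo DENY
      fi ;;
    *) echo DENY ;;
  esac
}

# Dry run: print the rules. To apply them as root:  sh thisfile.sh | sh
http_rules
```

The third rule is not strictly needed if the input chain's policy is already DENY; it is there so that inbound connection attempts to port 80 show up in the kernel log instead of vanishing silently. The model makes the asymmetry visible: a SYN/ACK or ACK from port 80 to an unprivileged port is accepted, while a bare SYN is refused whatever its source port.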

