All,
One of the problems with ports is that you don't want them open to anyone at any time... but on occasion you do want one open to a specific host. Normally this is handled by ACLs, giving only a specific host this kind of access. But this is an all-or-nothing proposition in that it is a static solution. What I'm wondering about is whether this kind of access can be dynamic and controlled from a local host.

By way of example: say I have an application that runs on port 28735 TCP and UDP. Now I don't want that port open all the time, nor do I want the listener to accept data from any arbitrary application that tries to knock. What I'm wondering is if I can set up a rule that would say, in effect, "If I didn't call you first you can't talk to me." What happens is that the local box contacts a dynamic distant end and accepts data from that distant end, but if the local box doesn't initiate the conversation that port is not open. It also would have to be open only to the box contacted, at the time of contact, and not open to it once contact is broken. (Kind of like a phone system I saw in Asia where you could make outgoing calls but not receive incoming ones.)

The second situation would be a rule that says: knock first. So say the distant end (DE) could send an e-mail saying "I have something for you, contact me." Then when you start the contact it will be able to send it.

I hope this isn't too rambling... or considered off topic. If so I apologize in advance.

James
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
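The "if I didn't call you first you can't talk to me" rule described in the post, as an added example that is not part of the original message or of any MandrakeSoft tool: a small tracker that opens port 28735 (TCP and UDP) only to a host the local box has itself contacted, closes it when contact ends or goes idle, and emits the iptables commands a wrapper script would run to do the same on a Linux box. The host addresses, the idle timeout and the helper names are assumptions chosen for the example.

```python
# Added example (not from the original post): a "call first" filter for the
# port named in the post. Remote hosts may send to APP_PORT only while a
# local-initiated contact with them is live. Addresses used with it are
# constructed from the RFC 5737 documentation ranges.
APP_PORT = 28735          # the application port from the post
PROTOCOLS = ("tcp", "udp")

class CallFirstFilter:
    """Opens APP_PORT per remote host, and only after the local box called first."""

    def __init__(self, timeout=60.0):
        self.timeout = timeout    # idle seconds before the door closes by itself
        self.open_to = {}         # remote_ip -> time of last activity

    def _alive(self, remote_ip, now):
        last = self.open_to.get(remote_ip)
        if last is None:
            return False
        if now - last > self.timeout:
            del self.open_to[remote_ip]   # contact went idle: forget the host
            return False
        return True

    def local_contacts(self, remote_ip, now):
        """Local box initiates the conversation: open APP_PORT to that host only."""
        self.open_to[remote_ip] = now
        return rules_to_open(remote_ip)

    def local_hangs_up(self, remote_ip):
        """Contact is broken: the host loses access immediately."""
        self.open_to.pop(remote_ip, None)
        return rules_to_close(remote_ip)

    def inbound(self, proto, src_ip, dst_port, now):
        """Decision for one inbound packet: ACCEPT or DROP (default-deny INPUT)."""
        if proto not in PROTOCOLS or dst_port != APP_PORT:
            return "DROP"         # not this rule's traffic; default policy applies
        if not self._alive(src_ip, now):
            return "DROP"         # unsolicited: the port looks closed to this host
        self.open_to[src_ip] = now  # traffic keeps the contact alive
        return "ACCEPT"

def rules_to_open(remote_ip):
    """iptables commands admitting only remote_ip to APP_PORT, TCP and UDP."""
    return [f"iptables -I INPUT -p {p} -s {remote_ip} --dport {APP_PORT} -j ACCEPT"
            for p in PROTOCOLS]

def rules_to_close(remote_ip):
    """The matching deletions, run when the conversation ends."""
    return [f"iptables -D INPUT -p {p} -s {remote_ip} --dport {APP_PORT} -j ACCEPT"
            for p in PROTOCOLS]
```

The commands assume a default-deny INPUT chain; the "knock first" variant from the post is the same state machine with `local_contacts` triggered by the e-mail instead of by a spontaneous outbound call.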
