On Wed, Nov 15, 2000 at 02:32:10AM +0000, Jim Breton wrote:
> What good does filtering output do?
Hi, I've gotten a few responses to this so far, thanks for the help. In
my particular case, I am running a DNS cache (DJB's dnscache) which
sends its queries from local ports 1025-65535, randomly selected. In
such a case, I need to allow outbound UDP packets from those ports, with
a dst port of 53, as well as inbound from 53 with a dst to those same
ports. I realize this would allow a UDP scan of my high ports (with the
src port set to 53) to succeed, but I really don't have anything running
there anyway.
It just didn't seem to make much sense to me to filter outbound packets,
but this raises another question: with a stateful packet filter like
ipfilter, would it not be possible for me to match inbound UDP packets
to recent outbound packets and only allow those responses in? (Perhaps
with an expiration of 30 secs or so.) Of course with TCP we can do this
easily using the SYN flag, but lacking any such feature in UDP, and not
having any experience (yet) with stateful filtering tools, I wonder if
this is one of their capabilities.
Thanks again.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
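As an added illustration of the mechanism asked about in the post (this is example code, not part of the original message and not ipfilter's code): the filter below keeps a table of recent outbound UDP queries keyed by the full address/port 4-tuple and admits an inbound datagram only if it is the exact reverse of a live entry, discarding entries after a fixed lifetime. The 30-second lifetime, the address values and the packet sequence are all constructed assumptions chosen to match the scenario described (a resolver querying from ports 1025-65535 to destination port 53).

```python
"""Toy stateful UDP filter: pass inbound UDP only when it answers a recent
outbound query, expiring entries after a fixed time (constructed example)."""
from dataclasses import dataclass

EPHEMERAL_PORTS = range(1025, 65536)   # the resolver's local source-port range
DNS_PORT = 53
STATE_TTL = 30.0                       # seconds; assumed value, as in the post


@dataclass(frozen=True)
class UDPPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outbound: bool   # True = leaving our host, False = arriving at it


class UDPStateFilter:
    """Table of (local_ip, local_port, remote_ip, remote_port) -> expiry time."""

    def __init__(self, ttl: float = STATE_TTL):
        self.ttl = ttl
        self.table: dict[tuple, float] = {}

    def _expire(self, now: float) -> None:
        # Drop every entry whose lifetime has run out before consulting the table.
        for key in [k for k, exp in self.table.items() if exp <= now]:
            del self.table[key]

    def decide(self, pkt: UDPPacket, now: float) -> str:
        self._expire(now)
        if pkt.outbound:
            # Only resolver traffic may leave: ephemeral src port, dst port 53.
            if pkt.src_port in EPHEMERAL_PORTS and pkt.dst_port == DNS_PORT:
                key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
                self.table[key] = now + self.ttl
                return "pass"
            return "block"
        # Inbound: pass only if it exactly reverses a live outbound entry.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            return "pass"
        # Covers src-port-53 probes of high ports that were never queried.
        return "block"


def run_scenario() -> list:
    """Constructed packet sequence; returns the filter's decision for each one."""
    f = UDPStateFilter()
    me, ns, other = "192.0.2.10", "198.51.100.1", "203.0.113.7"   # constructed addresses
    events = [
        (0.0,  UDPPacket(me, 40000, ns, 53, outbound=True)),        # resolver query
        (1.0,  UDPPacket(ns, 53, me, 40000, outbound=False)),       # genuine answer
        (2.0,  UDPPacket(other, 53, me, 40001, outbound=False)),    # unqueried high port
        (3.0,  UDPPacket(other, 53, me, 40000, outbound=False)),    # right port, wrong peer
        (5.0,  UDPPacket(me, 40002, ns, 80, outbound=True)),        # not DNS, blocked on egress
        (40.0, UDPPacket(ns, 53, me, 40000, outbound=False)),       # late answer, state expired
    ]
    return [f.decide(pkt, t) for t, pkt in events]


if __name__ == "__main__":
    for decision in run_scenario():
        print(decision)
```

Only the query's own answer gets through; a datagram from source port 53 aimed at a high port that never sent a query, or arriving from a different peer, or arriving after the entry has expired, is dropped. In ipfilter terms this is what `keep state` on a `pass out proto udp` rule provides for UDP, with the kernel maintaining the table; the default UDP state timeout is version-dependent and tunable, so the 30 seconds here is an assumption rather than ipfilter's setting.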