Hello people, I want to understand how IP FILTER deals with the feedback of a certain server, requested for a job. For example, I connect through SSH from A to B (port B:22).
From B I send the X11 to A (port A:6010).
My IPFilter config at A has no explicit rule allowing in B at port 6010, but only allows out SSH to B. However, I can get X11 from B through the procedure above. However, I don't know which mechanism controls that, and how standard this opening of ports for the server's feedback is. Maybe in other applications it would not work.

Another example: I am trying to allow my desktop to print to a network printer by the following rules:
pass out quick on rl0 proto tcp from $MyIP to $printerIP port = 515 flags S keep state
pass in quick on rl0 proto tcp from $printerIP to $MyIP flags S keep state

How could I do that better? When do I have to write an explicit rule to open for the feedback connection of a server? A general explanation of how these feedback controls work would be appreciated. Thanks in advance.

[]s
