Steve Shah wrote:
> > if it breaks, and if it does I'll open 53. I'm also thinking of blocking all
> > incoming TCP SYN packets on all ports with
>
> This might break some protocols that need to open ports back up from
> the server to the client. (e.g. active ftp) I dunno about other stuff
> like Real Audio or Quicktime, but I do know they have weird proxy
> needs.

Protocols which make server-to-client connections could be considered
broken by design. They are always the first things to stop working
when a firewall/proxy/masq box/etc gets inserted between the client
and the Internet.

There isn't any solution to this (other than shooting software
designers who make silly assumptions, e.g. that it will be possible to
make inbound connections to the client host).

--
Glynn Clements <[EMAIL PROTECTED]>
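
The active-FTP breakage discussed in this thread, as an added example that is not part of either poster's message: a small model of a stateless "drop inbound SYN" rule applied to the data-connection handshake in active and passive mode. The addresses, port numbers, `Segment` type and function names are constructed for illustration.

```python
# Added illustration; the packet model and all names are constructed, not from the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

CLIENT = "192.0.2.10"    # constructed documentation addresses (RFC 5737)
SERVER = "198.51.100.5"

def parse_port(cmd):
    """Decode an FTP 'PORT h1,h2,h3,h4,p1,p2' command into (ip, port)."""
    verb, _, arg = cmd.strip().partition(" ")
    fields = [int(x) for x in arg.split(",")]
    if verb.upper() != "PORT" or len(fields) != 6 or not all(0 <= f <= 255 for f in fields):
        raise ValueError("malformed PORT command")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]

def client_filter(seg):
    """Stateless rule on the client: drop inbound connection attempts (SYN set, ACK clear)."""
    inbound = seg.dst == CLIENT
    return not (inbound and seg.syn and not seg.ack)

def active_data_handshake(port_cmd):
    """Active mode: the server opens the data connection from port 20 to the client."""
    ip, port = parse_port(port_cmd)
    syn = Segment(SERVER, 20, ip, port, syn=True, ack=False)
    return client_filter(syn)

def passive_data_handshake(server_port):
    """Passive mode: the client opens the data connection; only the SYN+ACK comes in."""
    syn = Segment(CLIENT, 40001, SERVER, server_port, syn=True, ack=False)
    synack = Segment(SERVER, server_port, CLIENT, 40001, syn=True, ack=True)
    return client_filter(syn) and client_filter(synack)

if __name__ == "__main__":
    print("active :", active_data_handshake("PORT 192,0,2,10,195,80"))
    print("passive:", passive_data_handshake(50000))
```

The control connection is unaffected in both modes because the client opens it; only the server-initiated data connection of active mode arrives as a bare SYN and is dropped.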