RE: Statefull inspection

[Sigmund Vegheim]

Title: RE: Statefull inspection

Sorry, I forgot. The statefull inspection also blocks attempts on beiing a part of already established connections.  

-----Original Message-----
From: Sneppe Filip [mailto:[EMAIL PROTECTED]]
Sent: 24. april 2002 14:50
To: Sigmund Vegheim; [EMAIL PROTECTED]
Subject: RE: Statefull inspection

Sigmund,

Correct. Stuff doesn't just get dropped from the connection tracking,
not even after a script reloads the rules. So you have to be careful
with stuff that is still in /proc/net/ip_conntrack.

Regards,
Filip


-----Original Message-----
From:   Sigmund Vegheim [mailto:[EMAIL PROTECTED]]
Sent:   Wed 24/04/2002 13:53
To:     'Lee Evans'; Netfilter (E-mail)
Cc:    
Subject:        RE: Statefull inspection
Right! Of, course. But this means that I cannot say that iptables walks
through the connection table and drops the already established connections
based on the new ruleset?

Sigmund

> -----Original Message-----
> From: Lee Evans [mailto:[EMAIL PROTECTED]]
> Sent: 24. april 2002 13:45
> To: Sigmund Vegheim; [EMAIL PROTECTED]
> Subject: RE: Statefull inspection
>
>
> It depends - If you have a rule in your firewall to allow ESTABLISHED
> connections through, and this comes *before* the rule to
> dissalow any and
> all ssh traffic, the exisiting connections will fall under
> the first rule
> and the connection will be allowed to continue.
>
> Regards
> Lee
> --
> Lee Evans
> http://www.leeevans.org
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Sigmund Vegheim
> Sent: 24 April 2002 12:37
> To: [EMAIL PROTECTED]
> Subject: Statefull inspection
>
>
> Hello everyone!
>
> Does anybody know if it's right that iptables don't close
> down established
> ssh-connections through the firewall
> when you implement a rule to stop this ssh traffic, and
> restart iptables?
>
> Thanks in advance,
>
> ./Sigmund
>
>
>