[EMAIL PROTECTED] wrote:
> I'm having a torrid time with our security guys at the moment. They are
> extremely suspicious of the Linux firewall (running on RedHat 7.2) and I
> need some information/proof to throw at them (along with a couple of
> handgrenades!! :-)))) .
>
> Here is my list of questions. If anybody could help, or point me towards
> some documentation, I'd be eternally grateful.
>
> 1) How does netfilter maintain its state table? I understand that one can
> view it in the /proc/ip_conntrack file, but does this give me a full picture
> of the state table?
>
> 2) Does the state table keep things like IP sequence numbers so that
> session hijacking can be avoided, and an interface label (e.g. eth0) that the
> state is for?
>
> 3) How would one go about confirming that netfilter does FULL stateful
> checking?
>
> 4) Is there any way to alter the default session timeout periods without
> having to recompile the kernel?
That's why I wrote iptstate - it displays IP Tables' states in a top-like manner:
http://home.earthlink.net/~jaymzh666/iptstate/

Phil
--
Insanity Palace of Metallica
http://www.ipom.com
[EMAIL PROTECTED]
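For anyone who wants to inspect the table the first question asks about without a curses tool, the following is an added example (not code from the thread and not iptstate's code). It parses the text form of the connection-tracking table as the 2.4 kernels print it in /proc/net/ip_conntrack: protocol, remaining timeout in seconds, an optional TCP state, the original tuple, an optional [UNREPLIED] marker, the reply tuple and an optional [ASSURED] marker. Current kernels print the same layout in /proc/net/nf_conntrack with an address-family prefix, which the parser strips. The sample lines are constructed; the field layout and the decision to skip the `use=` counter are the example's own assumptions.

```python
"""Parse the netfilter connection-tracking table (added example, not from the thread).

Handles the 2.4-era /proc/net/ip_conntrack format and the /proc/net/nf_conntrack
format of current kernels (same fields, prefixed by an address-family column).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of a conntrack listing (addresses are documentation ranges).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40122 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40122 [ASSURED] use=1
tcp      6 118 SYN_SENT src=192.0.2.11 dst=198.51.100.7 sport=51000 dport=443 [UNREPLIED] src=198.51.100.7 dst=192.0.2.11 sport=443 dport=51000 use=1
udp      17 29 src=192.0.2.12 dst=198.51.100.53 sport=33012 dport=53 src=198.51.100.53 dst=192.0.2.12 sport=53 dport=33012 use=1
icmp     1 27 src=192.0.2.13 dst=198.51.100.9 type=8 code=0 id=4711 src=198.51.100.9 dst=192.0.2.13 type=0 code=0 id=4711 use=1
"""


@dataclass
class ConntrackEntry:
    proto: str                 # protocol name as printed (tcp, udp, icmp, ...)
    timeout: int               # seconds until the kernel expires the entry
    state: Optional[str]       # TCP state name; other protocols carry none
    orig: Dict[str, str]       # original-direction tuple (src, dst, sport, dport, ...)
    reply: Dict[str, str]      # tuple the kernel expects the reply to match
    assured: bool              # traffic seen in both directions
    unreplied: bool            # no reply packet seen yet


_KV = re.compile(r"^(\w+)=(.+)$")
_SKIP_KEYS = {"use", "mark"}   # per-entry bookkeeping, not part of either tuple (assumption)


def parse_line(line: str) -> ConntrackEntry:
    """Turn one conntrack line into a ConntrackEntry."""
    tokens = line.split()
    if tokens[0] in ("ipv4", "ipv6"):       # /proc/net/nf_conntrack prefix: family name + number
        tokens = tokens[2:]
    proto, timeout = tokens[0], int(tokens[2])
    rest = tokens[3:]
    state = None
    # A bare word before the first key=value token is the TCP state name.
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        state = rest.pop(0)
    tuples: List[Dict[str, str]] = [{}, {}]
    idx = -1                                # -1 until the first src= opens the original tuple
    assured = unreplied = False
    for tok in rest:
        if tok == "[ASSURED]":
            assured = True
            continue
        if tok == "[UNREPLIED]":
            unreplied = True
            continue
        m = _KV.match(tok)
        if not m:
            continue
        key, value = m.groups()
        if key == "src":                    # each src= starts the next tuple
            idx += 1
        if idx < 0 or key in _SKIP_KEYS:
            continue
        tuples[idx][key] = value
    return ConntrackEntry(proto, timeout, state, tuples[0], tuples[1], assured, unreplied)


def parse_table(text: str) -> List[ConntrackEntry]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def summarize(entries: List[ConntrackEntry]) -> Dict[Tuple[str, str], int]:
    """Count entries per (protocol, state); non-TCP entries get state '-'."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in entries:
        key = (e.proto, e.state or "-")
        counts[key] = counts.get(key, 0) + 1
    return counts


def fields_present(entries: List[ConntrackEntry]) -> Set[str]:
    """Every tuple key the listing exposes, for checking what the table does and does not record."""
    keys: Set[str] = set()
    for e in entries:
        keys |= set(e.orig) | set(e.reply)
    return keys


def expiring_within(entries: List[ConntrackEntry], seconds: int) -> List[ConntrackEntry]:
    """Entries the kernel will drop within `seconds` unless more traffic arrives."""
    return [e for e in entries if e.timeout <= seconds]


if __name__ == "__main__":
    table = parse_table(SAMPLE)
    for (proto, state), n in sorted(summarize(table).items()):
        print(f"{proto:5} {state:12} {n}")
    print("fields:", sorted(fields_present(table)))
    print("expiring within 60s:", len(expiring_within(table, 60)))
```

Run against the real file (`python3 conntrack_parse.py < /proc/net/nf_conntrack` with a one-line change to read stdin) and `fields_present` answers the second question for the listing itself: the tuples carry addresses, ports, ICMP type/code/id and the ASSURED/UNREPLIED flags, but no interface name and no sequence numbers, so the proc view cannot show those even where the kernel tracks them. On current kernels the per-protocol timeouts of the fourth question are ordinary sysctls under /proc/sys/net/netfilter/ (nf_conntrack_tcp_timeout_established and friends); whether the 2.4.7 kernel shipped with Red Hat 7.2 exposed equivalent ip_conntrack_* knobs is not something this thread settles.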
