Hi All,
*********************************************************************************
I'm posting the below on behalf of one of my colleagues:
*********************************************************************************
I hope somebody can assist me in finding information about this...
Please consider the following argument:
"Although the TCP sequence numbers may get sent to the log file (if
logging is turned on for a rule), if it is not present in the "state table"
(/proc/net/ip_conntrack), then it is not used to maintain state.
However, I cannot verify that Firewall-1 does this as well (although any
good firewall should), and tests conducted on older versions of
Firewall-1 indicate that it did not used to use sequence numbers as part
of state verification (and may still not use them)."
Can anybody PLEASE tell me:
1. if the sequence numbers are actually used in iptables to MAINTAIN the
state of a connection, or if it is merely used to ESTABLISH connections,
and thereafter ignored.
2. point me towards documentation confirming or denying this.
Thank you very much
Jacques Botha
[EMAIL PROTECTED]
South Africa