Henning, Can you expand on "I consider this flags filtering stupid.", do you mean using S/SA is good, bad, or do you mean something else?
Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Tel. 07855 805 271 http://www.devitto.com mailto:[EMAIL PROTECTED] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henning Brauer Sent: Tuesday, July 22, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: Re: stateful filters affect queue filters On Tue, Jul 22, 2003 at 02:55:47AM -0700, Trevor Talbot wrote: > Also note that most of your rules are a bit "loose" as far as TCP > goes. > The upside is that they'll pick up existing connections when you > reboot/reconfigure the firewall, but you may want to get more control > over which direction connections are initiated from by using "flags > S/SA" with all of them. It depends on your situation; this is just a > heads up. I consider this flags filtering stupid. -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
