On 31/01/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
And you can save me a 15min drive to test: I've just set up a Dlink 604T for my sister. Everything OUT is allowed in the filter setup. Is ESTABLISHED,RELATED permitted back or do I have to explicitly allow WWW, MAIL and SSH back? (There are no services offered)
Doesn't make sense to have to open these ports if you don't serve anything on them - practically all normal TCP clients use some random TCP port automatically assigned to them by the system when they connect(2), so you can't tell before the connect(2) which port should be opened back. That's what "stateful firewall" (http://en.wikipedia.org/wiki/Stateful_firewall) is all about.

Also it wouldn't make much sense to allow any TCP packet out without automatically allowing the returning traffic. So without knowing this particular model (I have a 504g), I'd expect you to be covered in that area.

--Amos

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
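
The behaviour described in the reply above, as an added example that is not part of the original thread and is not the router's firmware: a toy connection-tracking filter showing why return traffic to a system-assigned client port is accepted while unsolicited inbound connections are dropped. The class and function names, addresses and ports are constructed for illustration, and the model tracks only the address/port 4-tuple (no TCP state, timeouts or RELATED handling).

```python
# Added example: toy stateful filter, not real router or netfilter code.
import random
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Allow everything out of the LAN; allow in only replies to tracked flows."""

    def __init__(self, lan_prefix: str):
        self.lan_prefix = lan_prefix   # hypothetical LAN, e.g. "192.168.1."
        self.flows = set()             # (lan_ip, lan_port, remote_ip, remote_port)

    def check(self, p: Packet) -> str:
        if p.src.startswith(self.lan_prefix):
            # Outbound: "everything OUT is allowed"; remember the flow.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Inbound: accept only if it mirrors a flow the LAN side started.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        return "DROP"


def demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    fw = StatefulFilter("192.168.1.")
    client, server = "192.168.1.10", "203.0.113.5"   # constructed addresses
    # Stand-in for the source port the OS picks at connect(2) time:
    # nobody can write a static "open this port" rule for it in advance.
    eph = rng.randint(49152, 65535)
    return {
        "out_www": fw.check(Packet(client, eph, server, 80)),
        "reply_www": fw.check(Packet(server, 80, client, eph)),
        # Same server, but aimed at a port the client never used.
        "reply_wrong_port": fw.check(Packet(server, 80, client, eph ^ 1)),
        # Unsolicited inbound SSH attempt: no matching outbound flow.
        "inbound_ssh": fw.check(Packet("198.51.100.7", 40000, client, 22)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} {verdict}")
```
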