This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packet Filtering

I've noticed that on someother appliances such as netscreen that in packet filtering that they have a button to click on that automatically turns the rule you have creadted into a bi direcional rule.

This could be a usefull thing in ASL4+

This thread was automatically locked due to age.

0 cyclops over 22 years ago

JJC,

hhmmm 'INTERNAL ANY ANY ALLOW' turns into 'ANY ANY INTERNAL ALLOW' seems not very useful to me?

Greetings
Cyclops
Cancel
Vote Up 0 Vote Down

Cancel
0 tank over 22 years ago

[ QUOTE ]
I've noticed that on someother appliances such as netscreen that in packet filtering that they have a button to click on that automatically turns the rule you have creadted into a bi direcional rule.

This could be a usefull thing in ASL4+

[/ QUOTE ]

Because IPTables are statefull, it does in a sense create a bi-directional rule.  You do not need to specfically allow the return connections of http in order to use a web browser, you just need the outgoing rule.  The connection tracking will identify the return packet as part of the same connection.

Note, it is a bad idea to create the incoming packets with astaro unless you need it for running a server.
Cancel
Vote Up 0 Vote Down

Cancel