
Connection tracking for UDP?

This is a basic question, however I have not come to an answer.

When I set a packet filter rule allowing an outgoing UDP packet, let's say a DNS query.

How does the packet filter handle the UDP reply? Do I need to have a rule which allows incoming UDP packets or does the connection tracking solve this?


  • As far as I know, Astaro is a stateful firewall, so if you define an outgoing rule, it will automatically allow replies for this rule. In your example, if you allow outgoing DNS traffic, replies to DNS requests from within your internal network will be allowed and delivered to the internal client that requested in the first place.
  • If I understand correctly, you are both right: conntrack makes the Astaro stateful.
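
How a stateful filter can match UDP replies even though UDP has no handshake, shown as an added example that is not part of the original thread and is not Astaro's or netfilter's code. The class name, the 30-second idle timeout and the addresses are assumptions chosen for illustration.

```python
# Toy model of UDP "connection" tracking in a stateful packet filter.
from typing import NamedTuple

UDP_TIMEOUT = 30.0  # seconds an idle entry is kept; assumed value for this sketch


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class UdpTracker:
    def __init__(self, allowed_out_ports):
        self.allowed_out_ports = set(allowed_out_ports)  # the outgoing rule set
        self.table = {}  # outbound flow tuple -> expiry time

    def outbound(self, pkt, now):
        """Apply the outgoing rule; on accept, remember the flow."""
        if pkt.dport not in self.allowed_out_ports:
            return "DROP"
        self.table[pkt] = now + UDP_TIMEOUT
        return "ACCEPT"

    def inbound(self, pkt, now):
        """Accept only packets that mirror a live tracked outbound flow."""
        key = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reversed tuple
        expiry = self.table.get(key)
        if expiry is None or now > expiry:
            self.table.pop(key, None)  # expired entries are forgotten
            return "DROP"
        self.table[key] = now + UDP_TIMEOUT  # a reply refreshes the entry
        return "ACCEPT"


def demo():
    fw = UdpTracker(allowed_out_ports=[53])
    # Constructed sample packets (documentation address ranges).
    query = Packet("192.168.1.10", 40000, "192.0.2.53", 53)
    reply = Packet("192.0.2.53", 53, "192.168.1.10", 40000)
    stray = Packet("198.51.100.7", 53, "192.168.1.10", 40000)  # other source
    return [
        fw.inbound(reply, 0.0),    # no query sent yet
        fw.outbound(query, 1.0),   # matches the outgoing DNS rule
        fw.inbound(stray, 1.5),    # does not mirror any tracked flow
        fw.inbound(reply, 2.0),    # mirrors the tracked query
        fw.inbound(reply, 100.0),  # entry has timed out by now
    ]


if __name__ == "__main__":
    print(demo())
```

No inbound rule is consulted anywhere in the model: the reply is accepted purely because its addresses and ports are the reverse of a recently seen outbound packet.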