On Wed, Mar 22, 2000 at 01:23:35PM +0100, Tamas TEVESZ wrote:
> just one remark. the only thing everyone seemed to forget to mention
> is that filtering udp packets is [simple?] packet filtering, not
> stateful packet filtering, as udp is stateless by nature.

Yes, udp is stateless, but we are talking about a stateful filter, i.e. a firewall that keeps track of all open connections and enables packets to get in if and only if a connection was initiated from the inside. And this works for udp as well. For instance, my spf sets up a rule every time I query a name server. But if I do not do that, no udp packet from port 53 on the internet may enter.

Michael
-- 
Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: [email protected]               | Use PostgreSQL!
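
The behaviour described in the message above, as an added example that is not part of the original post: a toy Python model of a stateful filter that tracks UDP by remembering each outbound query and admitting only the exactly mirrored reply while the entry is live. The class and function names, the 30-second timeout and the addresses (documentation ranges) are assumptions made for illustration.

```python
"""Toy model of UDP pseudo-state tracking in a stateful packet filter."""
from typing import NamedTuple

UDP_TIMEOUT = 30.0  # seconds; assumed value, real filters make this tunable


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulUdpFilter:
    def __init__(self, timeout: float = UDP_TIMEOUT):
        self.timeout = timeout
        # (inside ip, inside port, outside ip, outside port) -> expiry time
        self.state = {}

    def outbound(self, pkt: Packet, now: float) -> bool:
        """Inside-initiated traffic is allowed and creates or refreshes an entry."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.state[key] = now + self.timeout
        return True

    def inbound(self, pkt: Packet, now: float) -> bool:
        """Allow an inbound packet only if it mirrors a live outbound entry."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        expiry = self.state.get(key)
        if expiry is None:
            return False          # nothing inside ever asked for this
        if now > expiry:
            del self.state[key]   # entry aged out, drop and forget it
            return False
        return True


def demo() -> dict:
    """Run constructed sample packets through the filter."""
    fw = StatefulUdpFilter()
    client, resolver, other = "192.0.2.10", "198.51.100.53", "203.0.113.9"
    seen = {}
    seen["unsolicited"] = fw.inbound(Packet(resolver, 53, client, 40000), now=0.0)
    fw.outbound(Packet(client, 40000, resolver, 53), now=1.0)  # the DNS query
    seen["reply"] = fw.inbound(Packet(resolver, 53, client, 40000), now=1.05)
    seen["wrong_server"] = fw.inbound(Packet(other, 53, client, 40000), now=1.05)
    seen["wrong_port"] = fw.inbound(Packet(resolver, 53, client, 40001), now=1.05)
    seen["late"] = fw.inbound(Packet(resolver, 53, client, 40000), now=32.0)
    return seen


if __name__ == "__main__":
    print(demo())
```

Source port 53 alone never admits a packet; only the full address and port pair recorded from the outbound query does, and only until the entry expires.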

