Philip Rueegsegger wrote:
>
> Hi all
>
> I am also highly interested in this thread !
>
Hehe, in scarcety of responces ?
> regards
> Phibo
>
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
If you are (were) a student of the school
Chapman and Zwicky "Building Internet Firewalls" O'Reilly,
you may be impressed by ipfilter. It doesn't need pre-open
large ranges of output ports to pass back responces.
As Jason wrote in this thread, keep state does the trick.
So, in case your host is hijacked, it would be difficult
to use it as trinoo master or daemon, for example.
horio shoichi
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
