On Wed, May 24, 2000 at 10:31:14AM +0930, Ben Nagy wrote:
> Are you sure that the "forward with replies" in the GUI is stateful? I was
> under the impression that it just filtered statically on the ACK bit.

The documentation's description of how "forward with replies" works
sounds like something stateful:

     When a connection is initiated from the source defined in the
     rule, the kernel delivers the packet to its destination, just as
     it would with a forward rule. In addition, when the destination
     replies to the source, the kernel delivers the reply packets back
     to the source, bypassing the proxies. To do this, the kernel
     caches information about active connections. Replies are only
     forwarded if there is an active connection initiated by the
     source in the rule. If there is no active connection, packets
     that look like replies are denied.

Or I might just be a fool for believing documentation.  :)  A sniffer
on one side and a packet generator on the other should be able to find
out for sure.

> Additionally, I'm pretty sure that there is nothing that you can do
> via the GUI that you can't do by editing the config files directly.

Cool!  Hopefully, someone will post how to do this.  :)

- Morty
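
Added example, not part of the original message and not the firewall's own code: a toy model of the two behaviours discussed above, static filtering on the ACK bit versus the connection cache the quoted documentation describes, run over the same packets. The addresses, ports, sample packets and both filter models are constructed assumptions; the one packet the two models disagree on is the case a sniffer-and-generator test would have to check.

```python
from collections import namedtuple

# All addresses, ports and packets below are constructed sample values.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE, OUTSIDE = "10.0.0.5", "192.0.2.80"

def static_ack_filter(pkt):
    """Stateless model: the rule's source may send anything; anything
    coming back is accepted if the ACK bit is set."""
    if pkt.src == INSIDE:
        return True
    return "ACK" in pkt.flags

class StatefulFilter:
    """Stateful model: replies pass only if they match a cached
    connection that the rule's source initiated."""
    def __init__(self):
        self.active = set()

    def check(self, pkt):
        if pkt.src == INSIDE:
            if pkt.flags == {"SYN"}:  # connection initiated by the source
                self.active.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: look up the reversed 4-tuple in the cache.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.active

SAMPLE = [
    ("outbound SYN",     Packet(INSIDE, 40000, OUTSIDE, 80, {"SYN"})),
    ("reply SYN/ACK",    Packet(OUTSIDE, 80, INSIDE, 40000, {"SYN", "ACK"})),
    ("unsolicited ACK",  Packet(OUTSIDE, 80, INSIDE, 40001, {"ACK"})),
    ("inbound bare SYN", Packet(OUTSIDE, 80, INSIDE, 40002, {"SYN"})),
]

def compare(packets=SAMPLE):
    """Return {label: (static_decision, stateful_decision)}."""
    stateful = StatefulFilter()
    return {label: (static_ack_filter(p), stateful.check(p))
            for label, p in packets}

if __name__ == "__main__":
    for label, (s, f) in compare().items():
        print(f"{label:18} static={'pass' if s else 'deny'} "
              f"stateful={'pass' if f else 'deny'}")
```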