On Fri, Oct 31, 2008 at 01:27:40PM -0400, Lowell Gilbert wrote: > Jeremy Chadwick <[EMAIL PROTECTED]> writes: > > > On Fri, Oct 31, 2008 at 12:35:30PM -0400, Lowell Gilbert wrote: > > >> Okay, I guess I'm a little confused by the line about "ONLY allow data > >> back on these ports IF the windows box has established the connection > >> out first then deny everything else." I read that as saying that the > >> Windows box had sent a packet on the same connection (4-tuple, at > >> least) that should be later accepted heading *to* the Windows box. > >> That's just a stateful rule, and it seems to be at odds with what you > >> wrote in your first message in the thread. The apparent disagreement > >> was why I said anything in the first place; it sounds like there's > >> more than one model of how the game works. > > > > I understand the confusion. Here's the actual protocol that the game > > appears to be using (since the OP has stated forwarding a port range to > > his LAN PC solves the problem -- meaning, his original description of > > how the game protocol worked is accurate): > > I see. If that is the case, then the word "connection" in the line I > quoted from Jack Barnett does *not* mean a TCP session, but something > a little more nebulous. "Game session" might cover it. > > [I *was* aware of that possible confusion, which was why I specified > an address/port tuple as the definition of "connection."] > > Sorry for the distraction; I see that (short of a deep-inspection > snooping of the protocol), what has already been done is as good as > you can get.
Nah, it's cool -- the misunderstanding is... understandable. :-) I've never seen a game behave this way (specifically, the gameserver initiating a *brand new connection* rather than utilising an existing one, or having the client initiate a connection to the server -- in which case, a stateful firewall will work perfectly and no firewall rules are needed). -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"