Nate Karstens wrote:
> Looking at the example exchange (Request and Reply Option 2, as Reply Option
> 1 is currently prohibited), how would the firewall handle this if we remove
> the Request message and just have Reply Option 2
> (we’ll keep its name even though it’s no longer a reply)?

It would be dropped since it's an unsolicited inbound message. Only the Request makes it solicited and allowed.

> Presumably this is an application on 10.1.1.1 running a UDP service on port
> 1234.

Yes.

> How would the host firewall on 10.1.1.1 have to be configured to allow
> traffic to this service?

It would have to be configured to be a "server" on 1234, and allow unsolicited inbound traffic.

> Or is it more that you’re pointing out that normally the Request message
> would cause the host firewall on 10.1.1.1 to allow replies back to port 1234
> as long as the original packet’s destination port is used as the source port
> of the reply?

Right.

> In other words, Reply Option 1 would work with host firewalls while Reply
> Option 2 would not?

Right.

Dave
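
The behaviour discussed in this thread, as an added example that is not part of the original message: a toy model of a stateful host firewall on 10.1.1.1 that classifies inbound UDP as solicited, allowed by a "server" rule, or unsolicited. The peer address 10.1.1.2, ports 5000 and 5001, the 30-second state timeout and strict tuple matching are assumptions made for illustration.

```python
# Toy model of a stateful host firewall's UDP tracking (added example).
# Assumptions: strict tuple matching, a 30 s state timeout, and the
# constructed peer 10.1.1.2 with ports 5000/5001.

class HostFirewall:
    def __init__(self, server_ports=(), timeout=30.0):
        self.server_ports = set(server_ports)  # open to unsolicited inbound
        self.timeout = timeout
        self.flows = {}  # (local_port, remote_ip, remote_port) -> expiry time

    def outbound(self, now, src_port, dst_ip, dst_port):
        """An outgoing datagram (the Request) creates or refreshes state."""
        self.flows[(src_port, dst_ip, dst_port)] = now + self.timeout

    def inbound(self, now, src_ip, src_port, dst_port):
        """Classify an incoming datagram addressed to this host."""
        expiry = self.flows.get((dst_port, src_ip, src_port))
        if expiry is not None and now <= expiry:
            return "accept: solicited"
        if dst_port in self.server_ports:
            return "accept: server port"
        return "drop: unsolicited"


def run_scenarios():
    peer = "10.1.1.2"  # constructed peer address
    results = {}

    fw = HostFirewall()  # default client-style policy on 10.1.1.1
    results["no_request"] = fw.inbound(0.0, peer, 5000, 1234)
    fw.outbound(1.0, 1234, peer, 5000)  # Request: 10.1.1.1:1234 -> peer:5000
    results["reply_same_port"] = fw.inbound(1.5, peer, 5000, 1234)
    results["reply_other_port"] = fw.inbound(1.5, peer, 5001, 1234)
    results["reply_after_timeout"] = fw.inbound(40.0, peer, 5000, 1234)

    server_fw = HostFirewall(server_ports={1234})  # configured as a "server"
    results["server_no_request"] = server_fw.inbound(0.0, peer, 5001, 1234)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:20} {verdict}")
```

Only the reply whose source port equals the Request's destination port matches the tracked flow; every other inbound datagram needs the explicit server rule on port 1234.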
