On Thu, Jan 07, 2010 at 22:55:25PM -0800, Jay Hennigan wrote:
> Nenad Andric wrote:
> > On Tue Jan 05, 2010 at 01:04:01PM -0800, Jay Hennigan <j...@west.net> wrote:
>
> >> Or better:
> >> - Allow from anywhere port 80 to server port > 1023 established
> >
> > Adding "established" brings us back to stateful firewall!
>
> Not really. It only looks to see if the ACK or RST bits are set. This
> is different from a stateful firewall which memorizes each outbound
> packet and checks the return for a match source/destination/sequence.

That's (cisco) reflexive access lists.

--
Henry Yen                          Aegis Information Systems, Inc.
Senior Systems Programmer          Hicksville, New York
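
The distinction discussed in this thread, as an added example that is not part of the original messages: a flag-only "established" check next to a simplified session-tracking filter, run over constructed segments. The class and function names, the addresses (RFC 5737 documentation ranges) and the 4-tuple session model are assumptions made for illustration and are not Cisco's implementation.

```python
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def established_rule(seg: Segment) -> bool:
    """Stateless rule from the thread: allow from anywhere port 80 to
    server port > 1023 when the ACK or RST bit is set."""
    return seg.sport == 80 and seg.dport > 1023 and bool(seg.flags & (ACK | RST))


class SessionFilter:
    """Simplified session-tracking model (assumption): remember outbound
    4-tuples and admit only inbound segments that mirror one of them."""

    def __init__(self):
        self.sessions = set()

    def outbound(self, seg: Segment) -> None:
        self.sessions.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound(self, seg: Segment) -> bool:
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.sessions


def compare(outbound, inbound):
    """Return (flag-only verdict, session-tracked verdict) per inbound segment."""
    tracker = SessionFilter()
    for seg in outbound:
        tracker.outbound(seg)
    return [(established_rule(s), tracker.inbound(s)) for s in inbound]


# Constructed sample traffic.
SERVER = "192.0.2.10"
OUT = [Segment(SERVER, 40000, "198.51.100.5", 80, SYN)]
IN = [
    Segment("198.51.100.5", 80, SERVER, 40000, SYN | ACK),  # reply to the outbound SYN
    Segment("203.0.113.9", 80, SERVER, 40001, ACK),         # ACK set, no outbound match
    Segment("203.0.113.9", 80, SERVER, 40001, SYN),         # bare SYN, no ACK or RST
]

if __name__ == "__main__":
    for seg, verdicts in zip(IN, compare(OUT, IN)):
        print(seg, "flag-only/session-tracked:", verdicts)
```

The second segment is where the two approaches diverge: the flag-only rule accepts it because ACK is set, while the session-tracking model has no outbound entry for it.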