Hi,
>
>Wow, you have killed all my supposed knowledge about netfilter stateful
>inspection :))), thanks for the lesson, but the next question will be... and
>how can I implement fully connection-state aware filtering?
>
>I could check SYN/ACK bits in filtering rules, but I can't imagine how I can
>block TCP sessions that have not had a SYN/ACK handshake before.
>
Check out this URL:
http://www.cs.princeton.edu/~jns/security/iptables/iptables_conntrack.html
for more info on this. It also explains what you want to achieve.
Regards,
Filip
Title: RE: Possible BUG in NetFilter connection state module (testing HA environment)
