Hi All, I hope somebody can assist me in finding information about this...

Please consider the following argument:

"Although the TCP sequence numbers may get sent to the log file (if logging is turned on for a rule), if it is not present in the "state table" (/proc/net/ip_conntrack), then it is not used to maintain state. However, I cannot verify that Firewall-1 does this as well (although any good firewall should), and tests conducted on older versions of Firewall-1 indicate that it did not used to use sequence numbers as part of state verification (and may still not use them)."

Can anybody PLEASE tell me:

1. if the sequence numbers are actually used in iptables to MAINTAIN the state of a connection, or if it is merely used to ESTABLISH connections, and thereafter ignored.
2. point me towards documentation confirming or denying this.

Thank you very much

Jacques Botha
[EMAIL PROTECTED]
South Africa