On 6/2/11 4:21 PM, Tom Eastep wrote:

> 
> I've already explained why Shorewall must pass INVALID packets through
> the rules chain (initial installation). In addition, some users set
> /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose to provide
> "connection pickup". If INVALID packets were dropped early, that
> wouldn't work.

And before you ask, connection pickup is described at
http://security.maruhn.com/iptables-tutorial/x4436.html

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users