> Uh, no. [Not sure about the diagram, but you've missed the important
> change].
i think that the way the chains work is an important change... but
stateful filtering is a pretty big step (pity that is playing catch up
with IP filter and most commercial firewalls)
> That skript kiddie can no longer attack your machine, unless you're
> FTPing to his host.
you can also make sure that the handshake between hosts occur, avoiding
spoofed packets... (ie. drop all packets for a connection that you haven't
seen the SYN -> SYN/ACK -> ACK for)
later
marty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
