On 08/09/2011 21:44, Anders Hagman wrote:
> You are right, but not knowing exactly how ipfilter works here is a thought.
> The default behavior is to deny all incoming traffic and you must specify a permit rule to allow your traffic through.
> Because the firewall is stateful it will create a dynamic rule to shortcut the filter table.
>
> so..
>
> You have to do your incoming filter anyway.
> Even if we do an outgoing filter does the firewall test it at all?
>

No, I'm quite confident you don't need any "pass in" rule.

When a "pass out" rule has been accepted, it should go in a "cache" table of already accepted connections, exactly like it does now. I think nothing else should change.

Hope someone of monowall development can answer, but I'm pretty confident it will work exactly like now.

If I don't go wrong, when the FW goes in checking stage, it checks in cache table if connections have already been accepted, otherwise scans the rules table. For fw there should be no difference if rule is "pass in" or "pass out".

Regards,

Tonino

> BR
> Anders

--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it tonix at interazioni dot it
------------------------------------------------------------
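
A simplified model of the lookup order described in the reply above (state table first, then a rule scan, default deny), added here as an illustration; it is not ipfilter or m0n0wall code. The class, the rule format and the addresses are constructed for the example, and "in"/"out" are taken relative to the firewall's Internet side.

```python
from collections import namedtuple

# Constructed types for this illustration only.
Packet = namedtuple("Packet", "direction proto src sport dst dport")
Rule = namedtuple("Rule", "action direction proto dport")  # dport None = any port


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules      # ordered rule table, first match wins
        self.states = set()     # "cache" of already accepted connections

    @staticmethod
    def _flow_key(pkt):
        # Direction-independent key: a reply maps to the same flow entry.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def check(self, pkt):
        key = self._flow_key(pkt)
        # 1. Accepted connections bypass the rule table entirely.
        if key in self.states:
            return "pass (state)"
        # 2. Otherwise scan the rules for this packet's direction.
        for rule in self.rules:
            if (rule.direction == pkt.direction and rule.proto == pkt.proto
                    and rule.dport in (None, pkt.dport)):
                if rule.action == "pass":
                    self.states.add(key)   # remember the accepted flow
                    return "pass (rule)"
                return "block (rule)"
        # 3. Nothing matched: default deny.
        return "block (default)"


def demo():
    # Only a "pass out" rule exists; there is no "pass in" rule at all.
    fw = StatefulFilter([Rule("pass", "out", "tcp", 443)])
    syn = Packet("out", "tcp", "192.168.1.10", 50000, "203.0.113.5", 443)
    reply = Packet("in", "tcp", "203.0.113.5", 443, "192.168.1.10", 50000)
    stray = Packet("in", "tcp", "203.0.113.9", 443, "192.168.1.10", 50001)
    smtp = Packet("out", "tcp", "192.168.1.10", 50002, "203.0.113.5", 25)
    return [fw.check(p) for p in (syn, reply, stray, smtp)]


if __name__ == "__main__":
    print(demo())
```

In this model the reply is accepted from the state entry created by the "pass out" match, while unsolicited inbound traffic and outbound traffic with no matching rule both fall through to the default deny.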