Thanks -- that provided the perfect definition :)

P.S -- I like your quotes that get added

Michael.

On Tue, 9 Dec 2003 20:15:49 +0000
Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Tuesday 09 December 2003 7:54 pm, Michael Gale wrote:
>
> > Seems like a dumb question -- I guess what I really should be asking is how
> > secure is "-m state --state ESTABLISHED" ?
>
> As far as I'm aware, the strength of this rule is exactly the same as whatever
> rules you have allowing NEW connections to become ESTABLISHED.
>
> In other words, I think the simpler version of the rule is perfectly good
> enough. Specifying things like the source port adds nothing, because the
> connection tracking system is already based on {source,destination}{IP,port}.
>
> If packets which you don't want seem to be coming in as ESTABLISHED, then
> there's something wrong with what you accepted as NEW in the first place.
>
>
> Antony.
>
> --
> If the human brain were so simple that we could understand it,
> we'd be so simple that we couldn't.
>
> Please reply to the list;
> please don't CC me.
>
>

--
Michael Gale
Network Administrator
Utilitran Corporation
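
Added example, not part of the original message or of netfilter itself: a simplified Python model of the point made in the quoted reply, that an ESTABLISHED rule accepts only packets belonging to a flow a NEW rule already let through, so an extra source-port match on it changes nothing. The class, function names, addresses and ports are constructed for illustration, and real connection tracking also covers protocol, TCP state and timeouts.

```python
# Toy model of connection tracking on one host (constructed for illustration,
# not kernel code). OUTPUT accepts NEW flows chosen by a predicate; INPUT has a
# single rule: "-m state --state ESTABLISHED", optionally with "--sport N".
from typing import Callable, NamedTuple, Optional

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class HostFirewall:
    def __init__(self, new_ok: Callable[[Pkt], bool], est_sport: Optional[int] = None):
        self.new_ok = new_ok        # which outbound NEW packets are accepted
        self.est_sport = est_sport  # extra --sport match on the ESTABLISHED rule
        self.flows = set()          # tracked flows, keyed by the original 4-tuple

    def send(self, p: Pkt) -> bool:
        if p in self.flows:
            return True
        if self.new_ok(p):
            self.flows.add(p)
            return True
        return False

    def receive(self, p: Pkt) -> bool:
        # A packet is ESTABLISHED only if it is the reverse of a tracked flow.
        if Pkt(p.dst, p.dport, p.src, p.sport) not in self.flows:
            return False            # not ESTABLISHED: falls through to DROP
        return self.est_sport is None or p.sport == self.est_sport

ME, WEB, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"  # constructed addresses
OUTBOUND = [Pkt(ME, 40000, WEB, 80), Pkt(ME, 40001, WEB, 22)]
INBOUND = [
    Pkt(WEB, 80, ME, 40000),    # genuine reply
    Pkt(OTHER, 80, ME, 40000),  # right ports, wrong host
    Pkt(WEB, 80, ME, 40002),    # right host, untracked port
    Pkt(WEB, 22, ME, 40001),    # reply to the port-22 attempt
]

def verdicts(fw: HostFirewall) -> list:
    for p in OUTBOUND:
        fw.send(p)
    return [fw.receive(p) for p in INBOUND]

web_only = lambda p: p.dport == 80
simple = verdicts(HostFirewall(web_only))                  # [True, False, False, False]
with_sport = verdicts(HostFirewall(web_only, est_sport=80))
loose_new = verdicts(HostFirewall(lambda p: True))         # [True, False, False, True]
```

The first two rule sets give identical verdicts; only loosening what is accepted as NEW lets the port-22 reply in as ESTABLISHED.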