to use or not to use stateful capabilities

Dear All

  To let outside clients access the webserver behind the
firewall:

  I want to know what the difference is
1.   if I use connection states in rules to accept for forwarding in the
firewall ruleset:

Conn. State   -s              -d              --proto  -sport  -dport  SYN  ACK

New           outside_client  web_server      tcp      <1024   80      Yes  No
Established   web_server      outside_client  tcp      80      <1024   Yes  No
Established   outside_client  web_server      tcp      <1024   80      No   Yes
Established   web_server      outside_client  tcp      80      <1024   No   Yes


2.   or simple fwd rules:

iptables -t filter -A FORWARD -p tcp -s $WEBSERVER --sport 80 -d $OUT -j ACCEPT
iptables -t filter -A FORWARD -p tcp -d $WEBSERVER --dport 80 -s $OUT -j ACCEPT


I have a little knowledge about the statefulness of the firewall, and cannot
understand what the difference is in such a case. I mean
practically.

Regards
__Radien__
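
Added example, not part of the original post: a simplified Python model of the two options above, run over constructed packets to show where they diverge. The addresses, ports and connection-table logic are assumptions; this is not netfilter's connection tracking, and the client source port is not checked.

```python
# Simplified model of the two rule sets in the post (not netfilter's conntrack).
WEB = "192.0.2.10"     # constructed address, stands in for $WEBSERVER
OUT = "198.51.100.7"   # constructed address, stands in for $OUT

def stateless_accept(pkt):
    """Option 2: the two plain FORWARD rules, matching addresses and ports only."""
    src, sport, dst, dport, flags = pkt
    return ((src == WEB and sport == 80 and dst == OUT) or
            (dst == WEB and dport == 80 and src == OUT))

class StatefulFilter:
    """Option 1: NEW requires a bare SYN to port 80; every other packet
    must belong to a connection already recorded in the table."""
    def __init__(self):
        self.conns = set()  # (client address, client port) of known connections

    def accept(self, pkt):
        src, sport, dst, dport, flags = pkt
        if src == OUT and dst == WEB and dport == 80:
            if flags == {"SYN"}:              # New: SYN yes, ACK no
                self.conns.add((src, sport))
                return True
            return (src, sport) in self.conns  # Established, client side
        if src == WEB and sport == 80 and dst == OUT:
            return (dst, dport) in self.conns  # Established, server side
        return False

def compare(packets):
    """Return (label, stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(label, stateless_accept(p), fw.accept(p)) for label, p in packets]

# Constructed packets: (src, sport, dst, dport, TCP flags)
PACKETS = [
    ("client SYN",                        (OUT, 40000, WEB, 80, {"SYN"})),
    ("server SYN/ACK",                    (WEB, 80, OUT, 40000, {"SYN", "ACK"})),
    ("client ACK",                        (OUT, 40000, WEB, 80, {"ACK"})),
    ("ACK with no handshake",             (OUT, 40001, WEB, 80, {"ACK"})),
    ("server-initiated SYN from port 80", (WEB, 80, OUT, 25, {"SYN"})),
]

if __name__ == "__main__":
    for label, stateless, stateful in compare(PACKETS):
        print(f"{label:36} stateless={stateless!s:5} stateful={stateful}")
```

The first three packets pass both filters; the last two pass only the stateless rules, because they match on addresses and ports without belonging to any connection the client opened.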

