Hi,
the "truth I believe in" is:
For the first packet of a connection, the rulebase has to be traversed
until one rule fits. Then it will be passed because of this rule (exception:
if you have a rule authenticating the user). The event of accepting this
first packet is stored in the State Tables.
When another packet of this connection comes to the firewall, it is
tested against the "basic rules" (e.g. packet size, options, anti-spoofing)
and then against the State Tables. The connection is stored there, so the
rest of the rulebase isn't important for this packet.
Hope it helps,
best regards,
Matthias
http://www.fw-1.de
"Holland, Stephen" wrote:
According to this article http://www.phoneboy.com/faq/0181.html
each connection attempt through CP is required to traverse the entire rule
base. In my training I thought I was told once a rule matches a connection
attempt the connection is accepted or dropped. Is this not the case with CP?
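The lookup order Matthias describes (basic checks on every packet, then the state table, and the rulebase only for a connection's first packet, where the first matching rule decides) as an added simulation in Python. This is not code from the thread or from Check Point; the interfaces, networks, rulebase and packets are constructed for illustration, and a packet with no state-table entry is simply treated as the first packet of its connection (an assumption of the model; TCP flag handling is not modelled). The `rules_evaluated` counter makes the point of the thread visible: an established connection's packets never touch the rulebase, and a spoofed packet is dropped by the basic checks even though its 5-tuple is in the state table.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed topology (an assumption of this example, not from the thread):
# external interface "ext", internal interface "int", and 10.0.0.0/8 is the
# only network legitimately behind "int".
INTERNAL_NET = ip_network("10.0.0.0/8")
MAX_PACKET_SIZE = 1500


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    size: int = 64


@dataclass(frozen=True)
class Rule:
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    dport: Optional[int]     # None means any destination port
    action: str              # "accept" or "drop"

    def matches(self, pkt: Packet) -> bool:
        if self.src != "any" and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


class StatefulFirewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.state: Dict[Tuple, str] = {}   # the "State Tables": one entry per direction
        self.rules_evaluated = 0            # rules the last packet was tested against

    @staticmethod
    def _key(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def basic_checks(self, pkt: Packet) -> Optional[str]:
        """Applied to every packet before the state table; returns a drop reason or None."""
        if pkt.size > MAX_PACKET_SIZE:
            return "oversized packet"
        inside = ip_address(pkt.src) in INTERNAL_NET
        if pkt.iface == "int" and not inside:
            return "anti-spoofing: non-internal source on int"
        if pkt.iface == "ext" and inside:
            return "anti-spoofing: internal source on ext"
        return None

    def inspect(self, pkt: Packet) -> Tuple[str, str]:
        self.rules_evaluated = 0
        reason = self.basic_checks(pkt)
        if reason is not None:
            return ("drop", reason)
        if self._key(pkt) in self.state:
            return ("accept", "state table")       # rulebase not consulted
        # First packet of a connection: walk the rulebase until one rule fits.
        for n, rule in enumerate(self.rules, start=1):
            self.rules_evaluated += 1
            if rule.matches(pkt):
                if rule.action == "accept":
                    self.state[self._key(pkt)] = "established"
                    self.state[self._reverse_key(pkt)] = "established"
                return (rule.action, f"rule {n}")
        return ("drop", "no rule matched")


# Constructed rulebase, top to bottom (hypothetical, for illustration):
RULES = [
    Rule("any", "10.0.0.0/8", 80, "accept"),    # rule 1: anyone may reach internal web
    Rule("10.0.0.0/8", "any", None, "accept"),  # rule 2: internal hosts may go anywhere
    Rule("any", "any", None, "drop"),           # rule 3: cleanup rule
]


def run_scenario() -> List[Tuple[str, str, int]]:
    """Returns (action, reason, rules_evaluated) for each constructed packet."""
    fw = StatefulFirewall(RULES)
    packets = [
        # 1. first packet of a web connection from outside: rulebase traversed, rule 1 fits
        Packet("ext", "203.0.113.5", 40000, "10.1.1.10", 80),
        # 2. reply from the web server: found in the state table, zero rules evaluated
        #    (it would also fit rule 2, but the rulebase is never consulted)
        Packet("int", "10.1.1.10", 80, "203.0.113.5", 40000),
        # 3. SSH attempt from outside: rules 1 and 2 do not fit, rule 3 drops it
        Packet("ext", "203.0.113.5", 40001, "10.1.1.10", 22),
        # 4. spoofed packet on ext forging the server side of connection 1:
        #    its 5-tuple is in the state table, but anti-spoofing runs first
        Packet("ext", "10.1.1.10", 80, "203.0.113.5", 40000),
    ]
    results = []
    for pkt in packets:
        action, reason = fw.inspect(pkt)
        results.append((action, reason, fw.rules_evaluated))
    return results


if __name__ == "__main__":
    for result in run_scenario():
        print(result)
```

Packets 1 and 3 show first-match semantics on the first packet (one rule evaluated versus all three); packet 2 shows why the rulebase is irrelevant once the connection is in the state table; packet 4 shows that a state-table hit does not bypass the basic checks.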