
Re: [FW-1] true or false



Hi,
the "truth" I believe in is:
For the first packet of a connection, the rulebase has to be traversed until one rule fits. Then it will be passed because of this rule (the exception is if you have a rule authenticating the user). The event of accepting this first packet is stored in the State Tables.
When another packet of this connection comes to the Firewall, it's tested against the "basic rules" (e.g. packet size, options, Anti-Spoofing) and then against the State Tables. The connection is stored here, so the rest of the rulebase isn't important for this packet.
Hope it helps,
best regards,
Matthias

http://www.fw-1.de

"Holland, Stephen" wrote:

According to this article http://www.phoneboy.com/faq/0181.html each connection attempt through CP is required to traverse the entire rule base. In my training I thought I was told once a rule matches a connection attempt the connection is accepted or dropped. Is this not the case with CP?
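
The packet flow described in the reply above (first-match rulebase for a new connection, then basic checks plus a state-table lookup for later packets), as an added example that is not part of the original thread and is not Check Point's code. The rulebase, addresses, packet fields and the `Firewall` class are constructed for illustration; running the basic checks on every packet and matching only the forward direction are simplifying assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed rulebase: (source net, destination net, dest port or None=any, action)
RULEBASE = [
    ("10.0.0.0/8", "192.0.2.10/32", 80, "accept"),
    ("10.0.0.0/8", "0.0.0.0/0", 23, "drop"),
    ("0.0.0.0/0", "0.0.0.0/0", None, "drop"),  # cleanup rule
]
INTERNAL = ip_network("10.0.0.0/8")  # assumed network behind the "internal" interface


class Firewall:
    def __init__(self, rulebase):
        self.rulebase = rulebase
        self.state = set()      # accepted connections (forward direction only)
        self.rules_checked = 0  # counts rule comparisons, to show what is skipped

    def basic_checks(self, pkt):
        # Stand-in for the "basic rules": packet size sanity and anti-spoofing
        # (an internal source address must arrive on the internal interface).
        if not 20 <= pkt["size"] <= 1500:
            return False
        inside = ip_address(pkt["src"]) in INTERNAL
        return inside == (pkt["iface"] == "internal")

    def handle(self, pkt):
        if not self.basic_checks(pkt):
            return "drop (basic checks)"
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key in self.state:
            return "accept (state table)"  # rulebase is not consulted at all
        # New connection: walk the rulebase top-down and stop at the first match.
        for n, (src, dst, port, action) in enumerate(self.rulebase, 1):
            self.rules_checked += 1
            if (ip_address(pkt["src"]) in ip_network(src)
                    and ip_address(pkt["dst"]) in ip_network(dst)
                    and port in (None, pkt["dport"])):
                if action == "accept":
                    self.state.add(key)  # only accepted connections get an entry
                return f"{action} (rule {n})"
        return "drop (no rule)"


if __name__ == "__main__":
    fw = Firewall(RULEBASE)
    web = dict(src="10.1.2.3", sport=40000, dst="192.0.2.10", dport=80,
               size=60, iface="internal")
    for pkt in (web, web, dict(web, iface="external")):
        print(fw.handle(pkt), "| rule comparisons so far:", fw.rules_checked)
```

In this model a dropped connection attempt leaves no state entry, so every retry walks the rulebase again up to the matching rule, and a packet that fails anti-spoofing is dropped even when its connection is already in the state table.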


 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.