Firewall / active filter question
Jeremy Oberg
jeroberg at comcast.net
Fri Dec 13 17:51:59 CST 2002
I believe you're asking about stateless and stateful packet inspection.
ipchains was stateless (it doesn't do connection tracking); however,
iptables (in the 2.4 kernels) is stateful and keeps a connection log for
this purpose.
-Jeremy
----- Original Message -----
From: Jared Smith <jared at trios.org>
Subject: Firewall / active filter question
> I don't know much about firewalls, so forgive me
> if I'm suggesting something that already exists or
> is not technically possible.
>
> As I understand firewalls, they block all ports
> except those specifically opened, and they forward
> IPs to internal addresses, therefore masking
> what's happening on the inside of the network.
>
> This is passive. What I lay awake last night
> thinking was, what about filtering in an active
> manner? With an active filter, the only packets
> acceptable are those which have been specifically
> requested. You'd have a buffer which kept track of
> all outgoing requests, and waited for a few minutes
> to receive them. Everything else would be rejected.
>
> Seems like this would make it impossible for people
> to hack in, unless they were actively monitoring
> outgoing packets. While this wouldn't work for a
> server (which needs to accept arbitrary hits), it
> would work for a surfer.
>
> Does this already exist?
>
> -Jared
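A worked illustration of the difference the reply draws between stateless filtering and iptables-style connection tracking, and of the "buffer of outgoing requests" proposed in the original message. This is an added Python model, not code from the thread or from iptables; the five-tuple layout, the 180-second timeout and all addresses are assumptions.

```python
# Added example, not from the thread: a toy model of the "active filter" Jared
# describes, i.e. what iptables' connection tracking does. All packets are constructed.
TIMEOUT = 180  # seconds; "a few minutes", as in the original suggestion

class StatefulFilter:
    def __init__(self, timeout=TIMEOUT):
        self.timeout = timeout
        self.table = {}  # (src, sport, dst, dport, proto) of a request -> last seen

    def outbound(self, p, now):
        # Every outgoing packet creates or refreshes a tracking entry.
        self.table[(p["src"], p["sport"], p["dst"], p["dport"], p["proto"])] = now
        return "ACCEPT"

    def inbound(self, p, now):
        # A reply carries the request's addresses swapped; look that tuple up.
        key = (p["dst"], p["dport"], p["src"], p["sport"], p["proto"])
        seen = self.table.get(key)
        if seen is None or now - seen > self.timeout:
            self.table.pop(key, None)  # unknown or stale: drop and forget
            return "DROP"
        self.table[key] = now  # refresh on traffic, as conntrack does
        return "ACCEPT"

def stateless_inbound(p):
    # The ipchains-era approximation: admit anything aimed at an unprivileged
    # port in the hope that it is return traffic. It cannot tell reply from probe.
    return "ACCEPT" if p["dport"] > 1023 else "DROP"

def demo():
    """Constructed traffic: a DNS query, its reply, a stray probe, a late reply."""
    fw = StatefulFilter()
    query = {"proto": "udp", "src": "192.168.1.10", "sport": 40001,
             "dst": "198.51.100.53", "dport": 53}
    reply = {"proto": "udp", "src": "198.51.100.53", "sport": 53,
             "dst": "192.168.1.10", "dport": 40001}
    probe = {"proto": "tcp", "src": "203.0.113.7", "sport": 31337,
             "dst": "192.168.1.10", "dport": 40001}
    stateful = [fw.outbound(query, 0),   # ACCEPT: inside host asked for it
                fw.inbound(reply, 1),    # ACCEPT: matches the tracked request
                fw.inbound(probe, 2),    # DROP: nobody inside asked for it
                fw.inbound(reply, 400)]  # DROP: entry expired after TIMEOUT
    stateless = [stateless_inbound(reply), stateless_inbound(probe)]  # both ACCEPT
    return stateful, stateless
```

The stateless rule lets the probe through because it can only look at the port number, while the tracked table rejects it and also ages out replies that arrive after the timeout.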