Re: [Nufw-users] nufw in production environments


From: Vincent Deffontaines
Subject: Re: [Nufw-users] nufw in production environments
Date: Thu, 28 Apr 2005 15:19:58 +0200 (CEST)
User-agent: SquirrelMail/1.4.4

Javier de Miguel Rodríguez said:
>
>
> One tip... that ONLY works with tcp. If you use -m state --state NEW to
> QUEUE all protocols should work,
> not only tcp... or am I missing something?
>

Well, conceptually you are 100% right.
However, right now, only TCP is supported.
Why is that? This is a problem on the client side.

TCP is easy to track: when a SYN packet has been sent, you just need to
look into the kernel's tables to check for it.

How about UDP? It is much trickier (but still possible) to follow on the
client side, due to UDP being stateless.

ICMP is even harder.
Other protocols we have not investigated yet.

Hope this is clear enough :)

So, practically, only TCP can be authenticated at this time.

Vincent
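
The TCP lookup described in the message above, as an added example that is not part of the original post and is not NuFW's own code. It assumes a Linux client on a little-endian host whose kernel socket table is read in /proc/net/tcp layout; the sample rows and function names are constructed for illustration. The UDP row shows what makes an unconnected socket harder to match: the table records no remote endpoint.

```python
import socket
import struct

TCP_SYN_SENT = 0x02  # state code the kernel prints for a socket that has sent its SYN

# Constructed sample rows in /proc/net/tcp and /proc/net/udp layout (not real captures).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00A8C0:C350 0101A8C0:0050 02 00000001:00000000 01:00000064 00000000  1000        0 2002 2
   2: 0A00A8C0:C351 0101A8C0:0016 01 00000000:00000000 00:00000000 00000000  1001        0 2003 1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   5: 0A00A8C0:D431 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 3003 2
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port); assumes IPv4, little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_table(text):
    """Parse every socket row after the header line into a dict."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue  # skip blank or truncated lines
        rows.append({"local": decode_endpoint(f[1]), "remote": decode_endpoint(f[2]),
                     "state": int(f[3], 16), "uid": int(f[7])})
    return rows


def owner_of_new_connection(rows, src, dst):
    """Return the uid whose socket is in SYN_SENT for this exact 4-tuple, else None."""
    for r in rows:
        if r["state"] == TCP_SYN_SENT and r["local"] == src and r["remote"] == dst:
            return r["uid"]
    return None


if __name__ == "__main__":
    tcp = parse_table(SAMPLE_TCP)
    print(owner_of_new_connection(tcp, ("192.168.0.10", 50000), ("192.168.1.1", 80)))
    print(parse_table(SAMPLE_UDP)[0]["remote"])  # unconnected UDP: no remote endpoint
```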





