Thread: [Fwbuilder-discussion] Reverse log entries since upgrading
From: Steve C. <cam...@cn...> - 2004-10-19 14:29:11
As an afterthought, could the problem I described in my earlier post possibly be the result of having the "Accept TCP sessions opened prior to firewall restart" checked? Is this a good thing to have checked, in any case?

Thanks.

Steve Campbell
cam...@cn...
Charleston Newspapers
From: misiu_ <mi...@gm...> - 2004-10-19 15:11:49
On Tue, 19.10.2004 at 16:28, Steve Campbell wrote:
> As an afterthought, could the problem I described in my earlier post
> possibly be the result of having the "Accept TCP sessions opened prior to
> firewall restart" checked? Is this a good thing to have checked, in any
> case?

No, as far as I see it, this would happen if the "Accept TCP..." is not checked. If it comes from 20, 21 or 80 it could be a response, which makes the source port 80. Take a look at the "3 way handshake": the firewall remembers the connections in the "state table". On activation, the state table is cleared and the firewall has no clue about an established connection. So if a packet with an ACK flag is set, it thinks that the connection was established before. If the "Accept .." is not checked, the firewall drops connections that were not initiated with a SYN flag. This would give the entry SPT=80 DPT=6345 action=drop.

misiu