Re: usage of 'keep state' option used in PF rulesets
>Of course it is not done in manpages to specify "Some popular stack
>implementations"
>May I ask you to specify them here?
Some of the worst implementations I've heard of have come from many
embedded devices (such as printers, mp3 servers, etc). Though most of
those should be blocked at the firewall anyways. There are some things
(such as those webcam servers or some firewall/NAT boxes such as the
Linksys routers (though I don't know if the Linksys routers themselves
are problematic)) that are designed to go out to the internet, though.
If you've got Win 9x boxes, older NT (pre SP 5), or any devices that I
mentioned behind your firewall, you should definitely modulate state.
Otherwise, you should be fine.
Regards,
Christopher H. Hylarides
hylaride@sheridanc.on.ca