[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: usage of 'keep state' option used in PF rulesets
>Off course it is not done in manpages to specify "Some popular stack
>May I ask you to specify them here?
Some of the worst implimentations I've heard of have come from many
embeded devices (such as printers, mp3 servers, etc). Though most of
those should be blocked at the firewall anyways. There are some things
(such as those webcam servers or some firewall/NAT boxes such the
linksys routers(though I don't know if the linksys routers themselves
are problematic)) that are designed to go out to the internet, though.
If you've got win 9x boxes, older NT (pre SP 5), or any devices that I
mentioned behind your firewall, you should definitely modulate state.
Otherwise, you should be fine.
Christopher H. Hylarides