
Wednesday, May 01, 2013

Re: iptables and INVALID packet filtering.

Hello,

Matthew Babcock wrote:
> Please excuse the delayed response.

No problem.

> To answer your question, no I cannot, yet.
>
> However, I can demonstrate iptables following what the "state" be on UDP
> packets using DNS.
[...]
> You should see as I do, that the UDP DNS request are logged under the
> state NEW, and that the response was logged under the state ESTABLISHED.

Nothing new here. UDP possible states are:
- NEW for a datagram creating a new connection or belonging to a
"connection" which has seen traffic only in one direction;
- ESTABLISHED for a datagram belonging to a "connection" which has seen
traffic in both directions;
- RELATED when a conntrack helper expects a UDP datagram related to an
existing connection (e.g. TFTP or SIP).

Note that this is not specific to UDP, conntrack does the same with all
connectionless protocols.

> I consider this, iptables differentiating between "New" and
> "Established" UDP "connections", reason to extrapolate that iptables can
> follow state in UDP packets such as flagging on "Invalid" or out of
> state UDP packets.

UDP is connectionless by nature, so how would you define the INVALID
state of a UDP datagram?

> I aim to try and create an "Invalid" UDP state packet. I will follow up
> if I try regardless of the outcome.

Good luck. I meant it.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/51819463.8000606@plouf.fr.eu.org
