Date: Sat, 04 Oct 2003 14:06:50 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: When to use setup keyword?
Message-ID: <3F7F0C3A.7070403@mac.com>
In-Reply-To: <007d01c38a9e$73883cc0$6ba55982@gog>
References: <006b01c38a90$dea3b420$6ba55982@gog> <3F7EFDFA.4060703@fork.pl> <007d01c38a9e$73883cc0$6ba55982@gog>

Roderick van Domburg wrote:
[ ... ]
> I know, but HTTP/1.1 does allow for ``threaded sessions'', so to speak. What
> I don't know without glancing at any RFC's is whether HTTP/1.1 clients open
> multiple sockets on port 80 or several sockets in the dynamic range.

Clients using HTTP/1.1 multiplex several requests over a single TCP connection to port 80 on the web server.

> Hence my question: which services require the setup keyword and which don't?

None of them do, in one sense-- you can write a valid and useful firewall ruleset without ever using the 'setup' keyword.

If you know what you are doing, you might want to distinguish between 'setup' versus 'established' connections for logging purposes or fine-grained control. In order to do that, you need to understand TCP/IP well enough to know something about the SYN and ACK bits, the three-way handshake used for TCP connection setup, and so forth.

-- 
-Chuck
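The distinction drawn in the reply above, as an added example that is not part of the original message: ipfw(8) documents `setup` as matching TCP packets with SYN set and ACK clear, and `established` as matching packets with RST or ACK set. The sketch below applies those two tests to constructed TCP headers for one connection to port 80; the ports, sequence numbers and helper names are assumptions made for illustration.

```python
import struct

# TCP flag bits: the low 6 bits of the 16-bit offset/flags field (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Extract the flag bits from a raw TCP header (minimum 20 bytes)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (off_flags,) = struct.unpack_from("!H", segment, 12)
    return off_flags & 0x3F

def is_setup(flags: int) -> bool:
    """ipfw 'setup': SYN set, ACK clear (first packet of the handshake)."""
    return bool(flags & SYN) and not (flags & ACK)

def is_established(flags: int) -> bool:
    """ipfw 'established': RST or ACK set."""
    return bool(flags & (RST | ACK))

def classify(segment: bytes) -> str:
    flags = tcp_flags(segment)
    if is_setup(flags):
        return "setup"
    if is_established(flags):
        return "established"
    return "neither"

def make_header(sport, dport, seq, ack, flags) -> bytes:
    """Constructed 20-byte header: data offset 5, window 65535, checksum 0."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

# Constructed sample: one client connection to a web server on port 80.
SAMPLE = [
    ("client SYN",         make_header(49152, 80, 1000, 0, SYN)),
    ("server SYN+ACK",     make_header(80, 49152, 5000, 1001, SYN | ACK)),
    ("client ACK",         make_header(49152, 80, 1001, 5001, ACK)),
    ("client request",     make_header(49152, 80, 1001, 5001, PSH | ACK)),
    ("server FIN+ACK",     make_header(80, 49152, 5001, 1100, FIN | ACK)),
    ("server RST",         make_header(80, 49152, 5001, 0, RST)),
    ("no flags (invalid)", make_header(49152, 80, 1000, 0, 0)),
]

def classify_sample():
    return [(name, classify(hdr)) for name, hdr in SAMPLE]

if __name__ == "__main__":
    for name, verdict in classify_sample():
        print(f"{name:20s} -> {verdict}")
```

Only the client's initial SYN matches `setup`; every later packet of the connection, including the server's SYN+ACK, matches `established`, and a packet with no flags set matches neither keyword.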