Date: Sat, 28 Feb 2004 16:51:02 -0800
From: "J.T. Davies" <jtd@hostthecoast.org>
To: <freebsd-ipfw@freebsd.org>
Subject: TCP established flag & ipfw rule
Message-ID: <001101c3fe5e$1ae25f90$3301020a@hostthecaost.org>

Hello everyone,

I'm on the road to setting up a (hopefully) secure firewall to keep the bad people out. I got to thinking -- I see (semi-frequently) in docs a rule at the top of the list much like:

    ipfw add 100 allow ip from any to any established

...and here's where the thinking part comes in...

Is it possible to (spoof isn't the correct verbiage) override the TCP flags on packets, thereby defeating the intent of the aforementioned rule? I mean, if I had the knowledge (and the evil intent to do so) to create a program that added the EST flag onto the TCP packets...rule 100 would accept the packet, thereby allowing access to anything behind the firewall...no?

Thoughts? Or is this a non-issue due to the stringent authoring of the TCP/IP protocol?

Thanks!
J.T.
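
Added example (not part of the original message): ipfw's "established" option matches any TCP packet that has the RST or ACK bit set, so it is a stateless test on header bits the sender chooses. The Python model below compares that test with a simplified stateful filter in the style of check-state / keep-state; the Pkt class, the function names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits (RFC 793)

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    inbound: bool  # True if the packet arrives on the outside interface

def stateless_established(p: Pkt) -> bool:
    """Model of rule 100 only: ipfw `established` is true when RST or ACK
    is set. Nothing here checks that a connection actually exists."""
    return bool(p.flags & (RST | ACK))

class StatefulFilter:
    """Simplified model of `check-state` followed by
    `allow tcp from inside to any setup keep-state`, then default deny.
    Real ipfw also tracks timers and TCP state; only the flow table is kept."""
    def __init__(self):
        self.flows = set()

    @staticmethod
    def _key(p: Pkt):
        # Direction-independent flow key: sort the two endpoints.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def allow(self, p: Pkt) -> bool:
        if self._key(p) in self.flows:            # check-state
            return True
        is_setup = bool(p.flags & SYN) and not (p.flags & ACK)
        if not p.inbound and is_setup:            # outbound setup keep-state
            self.flows.add(self._key(p))
            return True
        return False                              # default deny

def compare(packets):
    """Return (stateless_verdict, stateful_verdict) per packet, in order."""
    fw = StatefulFilter()
    return [(stateless_established(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    Pkt("192.0.2.10", 40000, "198.51.100.5", 80, SYN, inbound=False),       # inside host opens a connection
    Pkt("198.51.100.5", 80, "192.0.2.10", 40000, SYN | ACK, inbound=True),  # genuine reply to it
    Pkt("203.0.113.9", 4444, "192.0.2.10", 22, ACK, inbound=True),          # unsolicited, ACK bit set by sender
]
```

The third packet is the case the message asks about: the flag-only rule accepts it, while the stateful filter drops it because no tracked flow matches.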