From owner-freebsd-ipfw@FreeBSD.ORG Sat Feb 28 16:48:22 2004
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7951816A4CE; Sat, 28 Feb 2004 16:48:22 -0800 (PST)
Received: from bsd1.hostthecoast.org (dsl-230-142.ipns.com [209.210.230.142]) by mx1.FreeBSD.org (Postfix) with SMTP id DF17443D1F; Sat, 28 Feb 2004 16:48:19 -0800 (PST) (envelope-from jtd@hostthecoast.org)
Received: (qmail 2011 invoked from network); 29 Feb 2004 00:49:02 -0000
Received: from unknown (HELO host1) (10.2.1.51) by bsd1.hostthecoast.org with SMTP; 29 Feb 2004 00:49:02 -0000
Message-ID: <001101c3fe5e$1ae25f90$3301020a@hostthecaost.org>
From: "J.T. Davies"
To: freebsd-ipfw@freebsd.org
Date: Sat, 28 Feb 2004 16:51:02 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Subject: TCP established flag & ipfw rule
List-Id: IPFW Technical Discussions
X-List-Received-Date: Sun, 29 Feb 2004 00:48:22 -0000

Hello everyone,

I'm on the road to setting up a (hopefully) secure firewall to keep the bad people out. I got to thinking -- I see (semi-frequently) in docs a rule at the top of the list much like:

    ipfw add 100 allow ip from any to any established

...and here's where the thinking part comes in...

Is it possible to (spoof isn't the correct verbiage) override the TCP flags on packets, thereby defeating the intent of the aforementioned rule? I mean, if I had the knowledge (and the evil intent to do so) to create a program that added the EST flag onto the TCP packets... rule 100 would accept the packet, thereby allowing access to anything behind the firewall... no?

Thoughts? Or is this a non-issue due to the stringent authoring of the TCP/IP protocol?

Thanks!
J.T.
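Added example (not part of the original post or of FreeBSD's ipfw code): the `established` keyword in ipfw(8) matches any TCP packet with the RST or ACK bit set, and `setup` matches SYN without ACK. Nothing in TCP prevents a sender from putting whatever flag bits it likes into a segment, so a stateless rule 100 of the kind quoted above will pass a hand-built packet carrying ACK to any port. The toy below builds raw TCP headers, implements the two ipfw flag tests, and evaluates a forged ACK against an assumed stateless ruleset and against a `check-state`/`keep-state` style ruleset that trusts the firewall's own connection table rather than the packet's flags. The rulesets, port numbers and the `(local_port, remote_port)` keying of the dynamic table are assumptions for illustration; real ipfw dynamic rules key on the full address/port tuple and expire.

```python
import struct

# TCP flag bits in the 9-bit flags field (RFC 793; NS/CWR/ECE not used here).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header (no options, checksum left zero).
    The flags are whatever the sender chooses to write: a receiver cannot tell a
    forged ACK from a genuine one except by consulting its own connection state."""
    offset_flags = (5 << 12) | (flags & 0x1FF)  # data offset = 5 words, then flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)


def tcp_flags(header):
    """Return the 9 flag bits from a raw TCP header."""
    (offset_flags,) = struct.unpack_from("!H", header, 12)
    return offset_flags & 0x1FF


def ipfw_established(header):
    """ipfw(8) 'established': TCP packets that have RST or ACK set."""
    return bool(tcp_flags(header) & (RST | ACK))


def ipfw_setup(header):
    """ipfw(8) 'setup': TCP packets with SYN set and ACK clear."""
    flags = tcp_flags(header)
    return bool(flags & SYN) and not (flags & ACK)


def stateless_ruleset(header):
    """Assumed stateless ruleset, evaluated in order (returns the deciding rule):
         100   allow ip  from any to any established
         200   allow tcp from any to me 22 setup
         65535 deny  ip  from any to any
    """
    if ipfw_established(header):
        return 100
    _sport, dport = struct.unpack_from("!HH", header, 0)
    if ipfw_setup(header) and dport == 22:
        return 200
    return 65535


def stateful_ruleset(header, dynamic, direction):
    """Assumed stateful ruleset (returns the deciding rule):
         100   check-state
         200   allow tcp from me to any setup keep-state      (outbound only)
         300   allow tcp from any to me 22 setup keep-state
         65535 deny  ip  from any to any
    `dynamic` is a set of (local_port, remote_port) flows created by permitted
    setup packets; `direction` is 'in' or 'out'. Flag bits alone never match."""
    sport, dport = struct.unpack_from("!HH", header, 0)
    flow = (sport, dport) if direction == "out" else (dport, sport)
    if flow in dynamic:            # rule 100: packet belongs to a known flow
        return 100
    if ipfw_setup(header):
        if direction == "out":     # rule 200: we initiated it, remember the flow
            dynamic.add(flow)
            return 200
        if dport == 22:            # rule 300: inbound SSH is allowed to start a flow
            dynamic.add(flow)
            return 300
    return 65535


def demo():
    """Forged ACK to telnet (no handshake ever happened) vs. legitimate traffic."""
    forged_ack = build_tcp_header(sport=40000, dport=23, flags=ACK)
    plain_syn = build_tcp_header(sport=40001, dport=23, flags=SYN)
    results = {
        "stateless_forged_ack": stateless_ruleset(forged_ack),  # 100: passed
        "stateless_plain_syn": stateless_ruleset(plain_syn),    # 65535: denied
    }
    dynamic = set()
    results["stateful_forged_ack"] = stateful_ruleset(forged_ack, dynamic, "in")
    # A real outbound connection creates state; the server's SYN/ACK then matches.
    out_syn = build_tcp_header(sport=50000, dport=80, flags=SYN)
    stateful_ruleset(out_syn, dynamic, "out")
    reply = build_tcp_header(sport=80, dport=50000, flags=SYN | ACK)
    results["stateful_reply_synack"] = stateful_ruleset(reply, dynamic, "in")
    return results


if __name__ == "__main__":
    for name, rule in demo().items():
        print(f"{name:26s} -> rule {rule}")
```

The forged ACK is accepted by rule 100 in the stateless set but falls through to the final deny in the stateful set, because no permitted setup packet ever created a flow entry for it. Note what "accepted" buys the attacker in the stateless case: the packet reaches the host, which will answer an out-of-state ACK with RST, so the rule leaks the fact that the port is filtered or not (the basis of ACK scanning) rather than opening a usable connection by itself.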