Date:      Sat, 28 Feb 2004 16:51:02 -0800
From:      "J.T. Davies" <jtd@hostthecoast.org>
To:        <freebsd-ipfw@freebsd.org>
Subject:   TCP established flag & ipfw rule
Message-ID:  <001101c3fe5e$1ae25f90$3301020a@hostthecaost.org>

Hello everyone,

I'm on the road to setting up a (hopefully) secure firewall to keep the bad
people out.

I got to thinking -- I see (semi-frequently) in docs a rule at the top of
the list much like:

ipfw add 100 allow ip from any to any established

...and here's where the thinking part comes in...

Is it possible to (spoof isn't the correct verbiage) override the TCP flags
on packets, thereby defeating the intent of the aforementioned rule?  I
mean, if I had the knowledge (and the evil intent to do so) to create a
program that added the EST flag onto the TCP packets...rule 100 would accept
the packet, thereby allowing access to anything behind the firewall...no?

Thoughts? Or is this a non-issue due to the stringent authoring of the
TCP/IP protocol?

Thanks!
J.T.
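
Added example, not part of the original message: a Python model of the two tests in play here, the flag check that ipfw(8) documents for `established` (RST or ACK bit set) and a simplified state-table lookup of the kind `keep-state`/`check-state` provide. The class and function names and the sample segments are constructed for illustration.

```python
from typing import NamedTuple

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits

class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def matches_established(seg):
    """Flag test used by ipfw's `established` option: RST or ACK bit set."""
    return bool(seg.flags & (RST | ACK))

class StateTable:
    """Simplified stand-in for ipfw dynamic rules (keep-state / check-state)."""
    def __init__(self):
        self.flows = set()

    def record_outbound(self, seg):
        # Only an initial SYN from the inside creates an entry.
        if seg.flags & SYN and not seg.flags & ACK:
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def matches_inbound(self, seg):
        # An inbound segment must mirror a recorded flow's 4-tuple.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

def evaluate(inbound, outbound):
    """Return (flag_test, state_test) for each inbound segment."""
    table = StateTable()
    for seg in outbound:
        table.record_outbound(seg)
    return [(matches_established(s), table.matches_inbound(s)) for s in inbound]

# Constructed sample traffic (documentation address ranges, not from the page).
OUTBOUND = [Segment("10.0.0.5", 40000, "192.0.2.10", 80, SYN)]
INBOUND = [
    Segment("192.0.2.10", 80, "10.0.0.5", 40000, SYN | ACK),  # reply to our SYN
    Segment("198.51.100.7", 4444, "10.0.0.5", 22, ACK),       # no prior flow
    Segment("198.51.100.7", 4444, "10.0.0.5", 22, SYN),       # new connection
]

if __name__ == "__main__":
    for seg, result in zip(INBOUND, evaluate(INBOUND, OUTBOUND)):
        print(seg, "flag test:", result[0], "state test:", result[1])
```

The flag test looks only at the header of the segment in hand, while the state test depends on a flow the firewall itself recorded earlier.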


