When to use setup keyword?
Chuck Swiger
cswiger at mac.com
Sat Oct 4 11:06:54 PDT 2003
Roderick van Domburg wrote:
[ ... ]
> I know, but HTTP/1.1 does allow for ``threaded sessions'', so to speak. What
> I don't know without glancing at any RFCs is whether HTTP/1.1 clients open
> multiple sockets on port 80 or several sockets in the dynamic range.

Clients using HTTP/1.1 multiplex several requests over a single TCP connection
to port 80 on the web server.

> Hence my question: which services require the setup keyword and which don't?

None of them do, in one sense-- you can write a valid and useful firewall
ruleset without ever using the 'setup' keyword.

If you know what you are doing, you might want to distinguish between 'setup'
versus 'established' connections for logging purposes or fine-grained control.
In order to do that, you need to understand TCP/IP well enough to know something
about the SYN and ACK bits, the three-way handshake used for TCP connection
setup, and so forth.

--
-Chuck
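
The SYN/ACK distinction mentioned in the reply above, as an added example that is not part of the original post: per ipfw(8), `setup` matches TCP segments with SYN set and ACK clear, and `established` matches segments with RST or ACK set. The ports, sequence numbers and helper names below are constructed for illustration.

```python
import struct

# TCP flag bits from the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def make_segment(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (no options, zero checksum)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, flags, 65535, 0, 0)

def tcp_flags(segment):
    """Extract the flag byte (offset 13) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return struct.unpack("!HHIIBB", segment[:14])[5]

def matches_setup(flags):
    """ipfw 'setup': SYN set and ACK clear (same as 'tcpflags syn,!ack')."""
    return bool(flags & SYN) and not flags & ACK

def matches_established(flags):
    """ipfw 'established': RST or ACK set."""
    return bool(flags & (RST | ACK))

# Constructed exchange: a client on port 49152 and a web server on port 80.
EXCHANGE = [
    ("client SYN",     make_segment(49152, 80, 1000, 0, SYN)),
    ("server SYN+ACK", make_segment(80, 49152, 5000, 1001, SYN | ACK)),
    ("client ACK",     make_segment(49152, 80, 1001, 5001, ACK)),
    ("client data",    make_segment(49152, 80, 1001, 5001, PSH | ACK)),
    ("client FIN+ACK", make_segment(49152, 80, 1200, 5001, FIN | ACK)),
    ("server RST",     make_segment(80, 49152, 5001, 0, RST)),
]

def classify(exchange):
    """Return (label, matches setup, matches established) per segment."""
    out = []
    for label, seg in exchange:
        flags = tcp_flags(seg)
        out.append((label, matches_setup(flags), matches_established(flags)))
    return out

if __name__ == "__main__":
    for label, setup, est in classify(EXCHANGE):
        print(f"{label:16} setup={setup!s:5} established={est}")
```

Only the client's initial SYN matches `setup`; every later segment of the connection, including the server's SYN+ACK, matches `established`.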