Firewalls in FreeBSD?

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Fri Oct 31 10:27:43 PDT 2008


Jeremy Chadwick <koitsu at FreeBSD.org> writes:

> On Fri, Oct 31, 2008 at 12:35:30PM -0400, Lowell Gilbert wrote:

>> Okay, I guess I'm a little confused by the line about "ONLY allow data
>> back on these ports IF the windows box has established the connection
>> out first then deny everything else."  I read that as saying that the
>> Windows box had sent a packet on the same connection (4-tuple, at
>> least) that should be later accepted heading *to* the Windows box.
>> That's just a stateful rule, and it seems to be at odds with what you
>> wrote in your first message in the thread.  The apparent disagreement
>> was why I said anything in the first place; it sounds like there's
>> more than one model of how the game works.
>
> I understand the confusion.  Here's the actual protocol that the game
> appears to be using (since the OP has stated forwarding a port range to
> his LAN PC solves the problem -- meaning, his original description of
> how the game protocol worked is accurate):

I see.  If that is the case, then the word "connection" in the line I
quoted from Jack Barnett does *not* mean a TCP session, but something
a little more nebulous.  "Game session" might cover it.

[I *was* aware of that possible confusion, which was why I specified
an address/port tuple as the definition of "connection."]

Sorry for the distraction; I see that (short of a deep-inspection
snooping of the protocol), what has already been done is as good as
you can get.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/
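As an added example that is not part of this thread, here is a small Python model of the two firewall behaviours being contrasted: a stateful rule that only admits inbound packets reversing the exact 4-tuple the LAN host sent on, and a port-range forward that admits unsolicited inbound packets on those ports whether or not any state exists. The addresses and port numbers are constructed placeholders, not values from the thread.

```python
# Added example (not from the mailing-list thread): toy model of a stateful
# rule versus a port-range forward, to show why a game that opens a new
# "session" on a different port is not covered by stateful matching alone.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


class StatefulFirewall:
    """Admits inbound packets only if they reverse a tuple seen outbound."""

    def __init__(self):
        self.states = set()  # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, pkt):
        # Outbound traffic from the LAN host creates state for its exact tuple.
        self.states.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def inbound_allowed(self, pkt):
        # A reply must reverse the same tuple; a different port on either end fails.
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.states


class PortRangeForward:
    """Forwards every inbound packet in a port range to one LAN host."""

    def __init__(self, lan_ip, low, high):
        self.lan_ip, self.low, self.high = lan_ip, low, high

    def inbound_allowed(self, pkt):
        return pkt.dst_ip == self.lan_ip and self.low <= pkt.dst_port <= self.high


def demo():
    # Constructed addresses from documentation/private ranges; constructed ports.
    lan, server = "192.168.1.10", "203.0.113.5"
    fw = StatefulFirewall()
    fw.outbound(Packet(lan, 40000, server, 27015))   # LAN box dials out first
    reply = Packet(server, 27015, lan, 40000)         # genuine reply, same tuple
    newport = Packet(server, 27020, lan, 27016)       # "game session" on another port
    fwd = PortRangeForward(lan, 27015, 27030)
    return {
        "stateful_reply": fw.inbound_allowed(reply),      # True: tuple matches
        "stateful_newport": fw.inbound_allowed(newport),  # False: no state for it
        "forward_newport": fwd.inbound_allowed(newport),  # True: range forward
    }


if __name__ == "__main__":
    print(demo())
```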

