Frozen Fido : RU.UNIX.BSD : Re: ipfw and keep-state

ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Valentin Davydov                     2:5020/400     20 Jul 2007  12:32:43
 To : Vadim Goncharov
 Subject : Re: ipfw and keep-state
 --------------------------------------------------------------------------------

 >   From: Vadim Goncharov <vadimnuclight@tpu.ru>
 >   Date: Fri, 20 Jul 2007 07:36:26 +0000 (UTC)
 >
 > >>> Обратный TCP трафик эффективнее разрешить правилом allow tcp from any to
 > >>> any established. Динамические правила лучше создавать только для исходящих
 > >>> UDP.
 > VS>> Вопрос был не как лучше сделать, а почему не работает данная
 > VS>> конструкция. В ней есть ошибка? Возможно, какой-то неочевидный мне
 > VS>> момент с порядком прохождения пакетов через ipfw?
 > VS>> Hасчёт established спорно. Пропускать пакет от кого попало только на
 > VS>> том основании, что на нём есть ACK bit?
 > >> Hу, допустим, что в обычных условиях так теоретически можно нахакерить.
 > >> Hо за NAT-то с чего? Так что в этом случае вполне можно.
 > VS> Пожалуй ты прав, NAT сам по себе stateful, особенно с -deny_incoming.
 >
 >Я больше имел в виду то, что серые адреса - unrouteable. Левые пакеты на
 >машины снаружи просто не могут прилететь (разве что из directly-attached
 >к роутеру сети, но решается включением antispoof или verrevpath в ipfw).
 
 Попробуй запустить трэйс на серый адрес. У меня с одного из роутеров четыре 
 живых хопа было видно, каждый следующий дефолт для предыдущего.
 
 Вал. Дав.
 --- ifmail v.2.15dev5.3
  * Origin: Demos online service (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
ipfw and keep-state	Victor Sudakov	19 Jul 2007 11:11:35
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:36:24
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:40:38
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 13:04:22
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:33:16
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 11:41:58
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:48:36
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:48:41
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 13:12:56
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:37:17
Re: ipfw and keep-state	Alex Bakhtin	20 Jul 2007 12:14:39
Re: ipfw and keep-state	Victor Sudakov	23 Jul 2007 09:05:40
Re: ipfw and keep-state	Vadim Goncharov	23 Jul 2007 10:26:49
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 10:31:35
Re: ipfw and keep-state	Andrew Filonov	24 Jul 2007 15:19:44
ipfw and keep-state	Andrew Alcheyev	24 Jul 2007 18:21:00
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 18:53:55
Re: ipfw and keep-state	Vadim Goncharov	24 Jul 2007 20:27:52
Re: ipfw and keep-state	Victor Sudakov	25 Jul 2007 05:48:22
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 10:26:00
Re: ipfw and keep-state	Andrew Filonov	25 Jul 2007 09:07:35
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 12:12:00
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:25:57
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 13:12:01
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:18:11
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:42:35
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:30:59
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:33:40
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:08:52
ipfw and keep-state	Max Khon	31 Jul 2007 13:03:50
Re: ipfw and keep-state	Andrew Filonov	31 Jul 2007 11:53:51
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:41:35
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 12:53:00
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:08:04
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:32:56
Re: ipfw and keep-state	Alexey Kouznetsov	25 Jul 2007 12:12:40
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:39:29
Re: ipfw and keep-state	Alexey Kouznetsov	26 Jul 2007 11:36:20
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:26:06
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 16:47:45
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:04
Re: ipfw and keep-state	Alex Bakhtin	23 Jul 2007 13:49:07
ipfw and keep-state	Vadim Guchenko	20 Jul 2007 14:00:51
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:15:44
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:34
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 01:05:07
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:20:06
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 23:26:38
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:12
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:43:14
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:38:17
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:36:26
Re: ipfw and keep-state	Valentin Davydov	20 Jul 2007 12:32:43
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:57:52
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:56:47
ipfw and keep-state	Serge V.Panchenko	26 Jul 2007 17:13:27
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 09:08:21
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:18:57
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:09
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:24:45
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:10:38
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:23:44
ipfw and keep-state	Alex Semenyaka	30 Jul 2007 04:00:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:56:45
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 09:38:31
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 11:31:33
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 11:47:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 13:06:02
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 07:02:51
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 20:32:18
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:37:10
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 13:18:38
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:52
ipfw and keep-state	Leizer A. Karabin	31 Jul 2007 08:43:49
Re: ipfw and keep-state	Eugene Grosbein	31 Jul 2007 09:53:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 16:39:12
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 00:51:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 21:05:30
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:56:16
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:58:18
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 09:45:02
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 14:47:26
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:34:54
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 11:27:21
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:12:40
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 08:40:54
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 10:25:26
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 12:06:28
Re: ipfw and keep-state	alexander lunyov	01 Aug 2007 14:38:04
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:35:22
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 14:09:10
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:37:56
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 11:53:22
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:26:42
Re: ipfw and keep-state	Valentin Nechayev	02 Aug 2007 12:20:39
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:13:38
ipfw and keep-state	Leizer A. Karabin	08 Aug 2007 15:33:43
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:15:26
ipfw and keep-state	Serge V.Panchenko	02 Aug 2007 17:07:08
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 20:51:54
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:42
Re: ipfw and keep-state	Victor Sudakov	03 Aug 2007 05:51:46
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:50:13
Re: ipfw and keep-state	Victor Sudakov	05 Aug 2007 09:48:21
Re: ipfw and keep-state	Vadim Goncharov	05 Aug 2007 18:04:53
ipfw and keep-state	Andrew Kant	04 Aug 2007 10:01:23
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:52:15
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:39
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:02:59
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:39:11
ipfw and keep-state	Alex Mogilnikov	30 Jul 2007 15:37:13
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:21
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 20:27:01
ipfw and keep-state	Alex Mogilnikov	19 Jul 2007 20:19:07
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:51:46
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:51:48
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:48:00
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 09:34:09
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 09:43:45
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 10:17:57
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 11:14:12

Архивное /ru.unix.bsd/65773a6f95db.html, оценка 2 из 5, голосов 10