Re: ipf: interaction of "in" and "out" rules

To: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Subject: Re: ipf: interaction of "in" and "out" rules
From: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
Date: Fri, 24 Jul 2015 21:43:36 +0200

On Fri, 24 Jul 2015 14:00:00 +0200, Edgar Fuß wrote:
> If I have a (non-quick) ipf rule blocking a packet on the incoming side, 
> will a rule on the outgoing side "see" that packet, i.e., is it possible
> to over-rule the "block in" decision with a "pass out" rule?

If you have the "pass out" rule keep state, then yes, since the 
incoming response will be recognized as belonging to this same stateful 
connection.

Otherwise, no.

hauke

-- 
Hauke Fath                        <hauke%Espresso.Rhein-Neckar.DE@localhost>
Ernst-Ludwig-Straße 15
64625 Bensheim
Germany

References:
- ipf: interaction of "in" and "out" rules
  - From: Edgar Fuß

Prev by Date: Re: ipf: interaction of "in" and "out" rules
Next by Date: Re: Removing ARCNET stuffs
Previous by Thread: Re: ipf: interaction of "in" and "out" rules
Indexes:

Home | Main Index | Thread Index | Old Index