somez72 <(E-Mail Removed)> wrote:
> Dear.
> What is packet filtering and stateful inspection in Linux?
> Could someone give me a clear explanation... how are they different?
Packet filtering is a form of firewalling. It's just looking at the
headers of packets (usually source and destination addresses and ports)
and deciding whether to let that packet through. In a non-stateful
firewall, to allow an SSH connection through my firewall, from inside to
outside, I would have to add two rules:

  inside -> outside:
    accept TCP packets with a destination port of 22
  outside -> inside:
    accept TCP packets with a source port of 22

The closure of this isn't very accurate however. There are a number of
packets that can get through. For instance, a packet could get through,
even if the SYN packet (that would be sent at the start of the
connection) has not been seen. This allows a fragment attack.
With a stateful firewall, we only need to match one packet for TCP
connections, the SYN packet. We also include a special rule near the
start of the firewall, that tells the (stateful) firewall to let
through any packets that are part of (or related to) an already accepted
connection. Our firewall becomes more like the following.

  (This is a common rule, at the start of the firewall)
    let through packets that are part of an established connection.
  inside -> outside:
    accept TCP SYN packets with a destination port of 22.

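The following is an added example, not code from the original post or from the netfilter project. It models the two rule sets above as a toy packet filter and feeds both the same constructed packet trace: a normal outbound SSH handshake, then a lone inbound packet with source port 22 for which no SYN ever left the inside. The stateless rules let that lone packet through; the stateful rules, which only open the connection on an outbound SYN, drop it. The addresses, ports and the connection table are constructed for the example; real netfilter connection tracking also checks sequence numbers and applies timeouts, which this model omits.

```python
"""Toy model of stateless vs. stateful filtering of an outbound SSH connection.

Added example; not part of the original post. Only direction, ports and the
SYN flag are modelled, with a simplified connection table standing in for
netfilter's conntrack (which additionally tracks sequence numbers, timeouts
and related connections).
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple

INSIDE_HOST = "10.0.0.5"      # constructed: the client behind the firewall
OUTSIDE_HOST = "203.0.113.9"  # constructed: the remote SSH server


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str]  # TCP flags set on the packet, e.g. {"SYN"}

    @property
    def outbound(self) -> bool:
        """True for inside -> outside, False for outside -> inside."""
        return self.src_ip == INSIDE_HOST


class StatelessFirewall:
    """The two rules from the post; each packet is judged on its own."""

    def allow(self, pkt: Packet) -> bool:
        # inside -> outside: accept TCP packets with a destination port of 22
        if pkt.outbound and pkt.dst_port == 22:
            return True
        # outside -> inside: accept TCP packets with a source port of 22
        if not pkt.outbound and pkt.src_port == 22:
            return True
        return False


Endpoint = Tuple[str, int]
ConnKey = Tuple[Endpoint, Endpoint]


def conn_key(pkt: Packet) -> ConnKey:
    """Direction-independent key so a reply matches the entry its SYN created."""
    a, b = (pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)
    return (a, b) if a <= b else (b, a)


class StatefulFirewall:
    """One SYN rule plus the 'established' rule near the start of the chain."""

    def __init__(self) -> None:
        self.established: Set[ConnKey] = set()  # stand-in for conntrack

    def allow(self, pkt: Packet) -> bool:
        key = conn_key(pkt)
        # Common first rule: packets of an already accepted connection pass.
        if key in self.established:
            return True
        # inside -> outside: accept TCP SYN packets with a destination port
        # of 22. "SYN only" mirrors the --syn match (SYN set, ACK clear).
        if pkt.outbound and pkt.dst_port == 22 and pkt.flags == frozenset({"SYN"}):
            self.established.add(key)
            return True
        return False


def run(firewall, packets: List[Packet]) -> List[bool]:
    """Apply the firewall to a trace in order and return one verdict per packet."""
    return [firewall.allow(p) for p in packets]


def legitimate_ssh_trace() -> List[Packet]:
    """Constructed: the start of a normal SSH session from inside to outside."""
    return [
        Packet(INSIDE_HOST, 40000, OUTSIDE_HOST, 22, frozenset({"SYN"})),
        Packet(OUTSIDE_HOST, 22, INSIDE_HOST, 40000, frozenset({"SYN", "ACK"})),
        Packet(INSIDE_HOST, 40000, OUTSIDE_HOST, 22, frozenset({"ACK"})),
        Packet(OUTSIDE_HOST, 22, INSIDE_HOST, 40000, frozenset({"ACK", "PSH"})),
    ]


def unsolicited_trace() -> List[Packet]:
    """Constructed: an inbound packet with source port 22 and no prior SYN."""
    return [Packet(OUTSIDE_HOST, 22, INSIDE_HOST, 6000, frozenset({"ACK"}))]


if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFirewall()), ("stateful", StatefulFirewall())):
        print(name, "handshake:", run(fw, legitimate_ssh_trace()))
        print(name, "unsolicited:", run(fw, unsolicited_trace()))
```

Both filters pass the genuine handshake, but only the stateful one refuses the inbound packet that was never preceded by an outbound SYN, which is exactly the gap the stateless rule pair leaves open.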
> or Do some one have easy reference site for it?
www.netfilter.org contains essential reading material on Linux
firewalling.
> And does linux firewall support stateful inspection?
Yes, as of Linux 2.4. This is provided by iptables.
--
Cameron Kerr
(E-Mail Removed) :
http://nzgeeks.org/cameron/
Empowered by Perl!