TCP established flag & ipfw rule

J.T. Davies jtd at hostthecoast.org
Sat Feb 28 16:48:22 PST 2004


Hello everyone,

I'm on the road to setting up a (hopefully) secure firewall to keep the bad
people out.

I got to thinking -- I see (semi-frequently) in docs a rule at the top of
the list much like:

ipfw add 100 allow ip from any to any established

...and here's where the thinking part comes in...

Is it possible to (spoof isn't the correct verbiage) override the TCP flags
on packets, thereby defeating the intent of the aforementioned rule?  I
mean, if I had the knowledge (and the evil intent to do so) to create a
program that added the EST flag onto the TCP packets...rule 100 would accept
the packet, thereby allowing access to anything behind the firewall...no?

Thoughts? Or is this a non-issue due to the stringent authoring of the
TCP/IP protocol?

Thanks!
J.T.
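
Added example, not part of the original post and not ipfw's own code: per ipfw(8), the `established` option matches any TCP packet that has the RST or ACK bit set, so it is a per-packet flag test with no connection tracking. The Python model below contrasts that test with a simplified `check-state` / `setup keep-state` flow table; the addresses, ports, and the `StatefulFilter` class are constructed for illustration.

```python
from typing import NamedTuple

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP header flag bits

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def stateless_established(p: Pkt) -> bool:
    """Model of `established`: RST or ACK set; nothing else is checked."""
    return bool(p.flags & (ACK | RST))

class StatefulFilter:
    """Simplified model of `check-state` plus `setup keep-state` (hypothetical class)."""
    def __init__(self, inside_prefix: str):
        self.inside_prefix = inside_prefix
        self.flows = set()

    def allow(self, p: Pkt) -> bool:
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.flows:  # check-state: packet belongs to a tracked flow
            return True
        # setup keep-state: only an initial SYN (no ACK) from inside creates state
        if p.src.startswith(self.inside_prefix) and p.flags & SYN and not p.flags & ACK:
            self.flows.add(key)
            self.flows.add((p.dst, p.dport, p.src, p.sport))  # reply direction
            return True
        return False

def evaluate():
    fw = StatefulFilter("10.0.0.")  # constructed inside network
    packets = [  # constructed sample packets
        ("outbound SYN", Pkt("10.0.0.5", 40000, "198.51.100.7", 80, SYN)),
        ("reply SYN+ACK", Pkt("198.51.100.7", 80, "10.0.0.5", 40000, SYN | ACK)),
        ("unsolicited ACK", Pkt("203.0.113.9", 4444, "10.0.0.5", 22, ACK)),
    ]
    return [(name, stateless_established(p), fw.allow(p)) for name, p in packets]

if __name__ == "__main__":
    for row in evaluate():
        print(row)  # (label, stateless verdict, stateful verdict)
```

The third row is the case the post asks about: the flag test accepts a packet that belongs to no connection, while the flow table rejects it.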


