Firewall rules

Alex S Moore asmoore@edge.net
Mon Sep 13 14:07:17 UTC 2004


On Mon, 2004-09-13 at 08:35, Vernon Schryver wrote:
> Unless your firewall is stateful and has been taught about the DCC
> protocol, I don't see how to make that work.  The trouble is that
> the following sequence is valid:

Yes, it is stateful and I defined the DCC protocol the same as a DNS
Query to the external network with the port number changed.

> Unless your firewall is smart enough to know that a legitimate incoming
> UDP packet from a distant port 6277 to a local port must always be
> preceded by an outgoing packet from that same local port to port 6277
> at that same distant IP address within 30 seconds, I don't see how to
> address the worry.

Yes, it is my understanding that exactly what you said is how it works. 
However, I am not sure about the length of my time limit.

Thanks, Alex
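
The rule discussed in this exchange, modeled as an added example that is not part of the original messages or of any firewall product: an inbound UDP packet from remote port 6277 is accepted only if the same local IP and port sent a packet to that remote IP on port 6277 within the window. The class and function names are hypothetical, the addresses are constructed documentation-range values, and the 30-second window is the figure from the quoted text.

```python
from dataclasses import dataclass, field

DCC_PORT = 6277       # UDP port named in the thread
REPLY_WINDOW = 30.0   # seconds; the window quoted in the thread


@dataclass
class UdpStateTable:
    """Minimal model of stateful UDP filtering for outbound DCC queries."""
    window: float = REPLY_WINDOW
    # (local_ip, local_port, remote_ip, remote_port) -> time of last outbound packet
    flows: dict = field(default_factory=dict)

    def outbound(self, now, local_ip, local_port, remote_ip, remote_port):
        """Record state for an outbound query; this model only permits port 6277."""
        if remote_port != DCC_PORT:
            return "DROP"  # assumption: the rule set covers DCC traffic only
        self.flows[(local_ip, local_port, remote_ip, remote_port)] = now
        return "ACCEPT"

    def inbound(self, now, remote_ip, remote_port, local_ip, local_port):
        """Accept only a reply to a recent outbound packet on the same 4-tuple."""
        key = (local_ip, local_port, remote_ip, remote_port)
        sent = self.flows.get(key)
        if sent is None:
            return "DROP"        # unsolicited: nothing was sent on this 4-tuple
        if now - sent > self.window:
            del self.flows[key]  # state expired, so a late reply is dropped
            return "DROP"
        return "ACCEPT"


def demo():
    """Run constructed packets through the table and return the verdicts."""
    fw = UdpStateTable()
    client, server, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    return [
        fw.outbound(0.0, client, 40000, server, DCC_PORT),  # query leaves
        fw.inbound(1.5, server, DCC_PORT, client, 40000),   # reply inside window
        fw.inbound(2.0, other, DCC_PORT, client, 40000),    # wrong remote IP
        fw.inbound(2.5, server, DCC_PORT, client, 40001),   # wrong local port
        fw.inbound(31.0, server, DCC_PORT, client, 40000),  # after the window
    ]


if __name__ == "__main__":
    print(demo())
```

The last verdict shows the trade-off behind the time-limit question: a shorter window narrows the period in which a spoofed packet could match, while any legitimate reply arriving after it is dropped.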




