[AusNOG] ACL question
Paul Wilkins
paulwilkins369 at gmail.com
Fri Dec 2 16:35:06 EST 2016
Doable on a router. You should block any packets with SYN set. Allowing RST
is a possible DOS vector.

A firewall requires a duplex session to maintain state.

Kind regards

Paul Wilkins

On 2 December 2016 at 13:51, Alex Samad <alex at samad.com.au> wrote:
> Hi
>
> having a blonde moment.
>
> I want to set an ACL to allow TCP streams through a firewall where there
> is asymmetric routing in place. So a stream that might be initiated via a
> different path comes via this router mid-stream.
>
> If I allow TCP packets that have ACK and/or RST, that should cover all
> packets in a TCP stream after the initial handshake.
>
>
> Alex
>
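
An added example, not part of the original thread: a small Python model of the two stateless flag filters discussed above, run over constructed TCP headers. The function names, the sample segments, and the reading of the reply as "require ACK, drop anything with SYN or RST set" are assumptions made for illustration.

```python
import struct

# TCP flag bits, byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def make_segment(flags, sport=40000, dport=443, seq=1000, ack=2000):
    """Build a constructed 20-byte TCP header (no options, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def tcp_flags(segment):
    """Extract the flag bits from a raw TCP header, rejecting malformed ones."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    if segment[12] >> 4 < 5:
        raise ValueError("data offset below minimum header length")
    return segment[13] & 0x3F

def permit_ack_or_rst(flags):
    """Rule from the question: permit if ACK and/or RST is set."""
    return bool(flags & (ACK | RST))

def permit_strict(flags):
    """Assumed reading of the reply: require ACK, drop anything with SYN or RST."""
    return bool(flags & ACK) and not flags & (SYN | RST)

# Constructed sample: segment types seen over a connection's life.
SAMPLE = [
    ("SYN", SYN), ("SYN-ACK", SYN | ACK), ("ACK", ACK), ("PSH-ACK", PSH | ACK),
    ("FIN-ACK", FIN | ACK), ("RST", RST), ("RST-ACK", RST | ACK),
]

def evaluate(rule):
    """Return {segment name: permitted?} for the stateless rule."""
    return {name: rule(tcp_flags(make_segment(f))) for name, f in SAMPLE}

if __name__ == "__main__":
    loose, strict = evaluate(permit_ack_or_rst), evaluate(permit_strict)
    for name, _ in SAMPLE:
        print(f"{name:8} ack-or-rst={loose[name]!s:5} strict={strict[name]}")
```

The ACK-or-RST rule also passes SYN-ACK, which is part of the handshake, and the strict variant drops legitimate resets as well as spoofed ones. Neither rule checks sequence numbers, so both pass any segment with the right flag bits.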