[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Statefull packet inspection in SuSEfirewall2


Is it there any way to configure stateful packet inspection rules in
SuSEfirewall2 for masquerade networks? When I configure a rule in
FW_MASQ_NETS in order to allow traffic from the outside to the DMZ, I
also have to configure a rule for responses.

Example: Incoming traffic to my web server in a DMZ with private addresses


I also need to set up the following rules in order to let responses out


This rule permits not only established sessions, but additionally it
allows my web server to establish connections to the outside world.

Don?t know why the FW_FORWARD rules are stateful as I want, but
FW_MASQ_NETS ones don?t.

Any suggestion?
Is it possible to math the SYN, ACK and FIN TCP bits with SuSEfirewall2?

Thanks in advance.
Pablo Ronco

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here