> I think this is done with a cache with all current connections. When
> you clear the table (installing a policy) he just puts this cache
> somewhere and after it has been installed lifting the cache back in
> the system. Why should you put in more effort?
I'm not so sure about that. Like I said, my understanding is that the
connections allowed in are those that might be possible given the outgoing
rules. That way it can dynamically rebuild the state table without having
to re-establish the connection. If something claiming to be established
from outsidebox:80 is allowed to insidebox:4005, and insidebox doesn't
reset the connection but rather responds to it, then it was "surely" part of
an established session, allowing the firewall to add it to the table.
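The rebuild heuristic described in the message above, modelled as a toy stateful filter. This is an added example, not code from the original mail or from any real firewall product; the host names, the outbound rule, the packet sequence and the verdict strings ("allow-tentative", "allow-rst") are all constructed here. After a policy reload wipes the table, an inbound packet that claims to be mid-session is admitted only tentatively, and only if the reverse direction could have been opened under an outbound rule; the inside host's reply then decides whether the entry becomes established (any reply) or is discarded (RST). The "surely" in the post is the caveat: during the tentative window the inside host does see the packet.

```python
"""Toy model of a stateful firewall rebuilding its connection table after a
policy reload. Added example: hosts, rules and packets are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "RST", "PSH"}


@dataclass(frozen=True)
class Rule:
    """Outbound policy: an inside host may open connections to dst:dport."""
    src: str    # inside host, or "*" for any
    dst: str    # outside host, or "*" for any
    dport: int  # destination port, 0 for any

    def matches(self, p: Packet) -> bool:
        return ((self.src in ("*", p.src))
                and (self.dst in ("*", p.dst))
                and (self.dport in (0, p.dport)))


class Firewall:
    """State table keyed by (inside_ip, inside_port, outside_ip, outside_port),
    with values "tentative" or "established"."""

    def __init__(self, inside_hosts, outbound_rules):
        self.inside = set(inside_hosts)
        self.rules = list(outbound_rules)
        self.table = {}

    def _key(self, p: Packet):
        # Normalise so both directions of a flow map to the same entry.
        if p.src in self.inside:
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def reload_policy(self, new_rules):
        """Install a new policy; the state table is cleared, as the thread discusses."""
        self.rules = list(new_rules)
        self.table.clear()

    def filter(self, p: Packet) -> str:
        key = self._key(p)
        state = self.table.get(key)

        if p.src in self.inside:  # outbound direction
            if state == "tentative":
                # The inside host answered: RST means it knew nothing about the
                # session, so drop the entry; any other reply confirms it.
                if "RST" in p.flags:
                    del self.table[key]
                    return "allow-rst"
                self.table[key] = "established"
                return "allow"
            if state == "established":
                return "allow"
            if "SYN" in p.flags and any(r.matches(p) for r in self.rules):
                self.table[key] = "established"  # simplified: SYN opens the flow
                return "allow"
            return "drop"

        # inbound direction
        if state in ("established", "tentative"):
            return "allow"
        if "ACK" in p.flags and "SYN" not in p.flags:
            # Claims to be mid-session. Could the inside host have opened it
            # under the outbound rules? If so admit tentatively and let the
            # inside host's reply decide.
            reverse = Packet(p.dst, p.dport, p.src, p.sport, frozenset({"SYN"}))
            if any(r.matches(reverse) for r in self.rules):
                self.table[key] = "tentative"
                return "allow-tentative"
        return "drop"


def scenario():
    """Walk the insidebox:4005 <-> outsidebox:80 case from the thread through a reload."""
    fw = Firewall(["insidebox"], [Rule("*", "*", 80)])
    seen = []
    # insidebox opens a web connection; the flow is recorded
    seen.append(fw.filter(Packet("insidebox", 4005, "outsidebox", 80, frozenset({"SYN"}))))
    fw.reload_policy([Rule("*", "*", 80)])  # table is wiped
    # reply from outsidebox:80 claiming to be established: tentatively admitted
    seen.append(fw.filter(Packet("outsidebox", 80, "insidebox", 4005, frozenset({"ACK", "PSH"}))))
    # insidebox answers rather than resetting: entry promoted to established
    seen.append(fw.filter(Packet("insidebox", 4005, "outsidebox", 80, frozenset({"ACK"}))))
    # a claimed session from a port no outbound rule allows: dropped outright
    seen.append(fw.filter(Packet("outsidebox", 25, "insidebox", 4006, frozenset({"ACK"}))))
    # a claimed session the inside host rejects with RST: entry removed again
    seen.append(fw.filter(Packet("outsidebox", 80, "insidebox", 5000, frozenset({"ACK"}))))
    seen.append(fw.filter(Packet("insidebox", 5000, "outsidebox", 80, frozenset({"RST"}))))
    return seen, dict(fw.table)


if __name__ == "__main__":
    verdicts, table = scenario()
    print(verdicts)
    print(table)
```

Running `scenario()` shows one flow surviving the reload as "established" and the RST'd one vanishing; the tentative verdicts are the packets an inside host receives before the firewall has any confirmation, which is the part of the scheme worth watching in logs.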