Susefirewall2 (v1.2): DNS handling
Hello, I've just installed FW-2. The transition from FW-1 to FW-2 was trivial, maybe too trivial: Some of the rules should be obsolete by now, specially the rules for DNS: Why is "connection" tracking for UDP not used? Ciao Jörg -- Jörg Mayer <jmayer@loplof.de> Signature fault, brain dumped
On Tuesday 03 July 2001 20:12, you wrote:
Hello,
Sorry if my reaction is very late... I didn't see any replies yet though.
I've just installed FW-2. The transition from FW-1 to FW-2 was trivial, maybe too trivial: Some of the rules should be obsolete by now, specially the rules for DNS: Why is "connection" tracking for UDP not used?
UDP is, alas, a connection-less protocol, therefore connection-tracking would be impossible with UDP. Or, maybe through some genius hack it could be possible to "track" obvious "answers" to previous packets, but UDP itself is still "stateless". I do not know if such a thing could be possible, recognizing UDP replies by examining the packet-workload, but it is impossible from the headers because it is stateless. IIRC, correct me if I'm wrong. Maarten
Ciao Jörg
-- Maarten J H van den Berg van Boetzelaer van Bemmel, informatie- en netwerktechnologie http://vbvb.nl T 020-4233288 F 020-4233286 G 06-51994273
participants (2)
-
Jörg Mayer -
Maarten van den Berg