15 Jun 2003, 12:18
On Sun, 2003-06-15 at 13:53, Carlos E. R. wrote:
If the packet rejected is part of an ongoing conversation, it should not matter if I close every port on the firewall, because it is a response, and thus will get in.
Not necessarily. You would have to allow packets of state ESTABLISHED, otherwise everything would be blocked.
I'll try to set up ethereal or something to try to capture dns conversations. Now, I wonder how to fire up ethereal (or something else) automatically when the network goes up - perhaps tcpdump would be better [...]
Let us know what you find out. I've suspected for a while that there is something subtly wrong in the SuSEfirewall, but I've never suffered enough from it to muster up the energy to research it :)