On Wed, Jan 21, 2004 at 08:29:32AM -0500, fbsd_user wrote:
[...]
> As far as the question of using keep-state rules on both the private
> and public interfaces this is cross population of the single
> stateful table and returning packets are being matched to entries in
> the stateful table which do not belong to the interface the original
> entry was posted from. This is a logic error and invalidates the
> function of the purpose of the whole stateful concept.

A logic error is only there if something doesn't work. The proposed solution works, so there is no logic error. I can't see how the stateful concept has been invalidated - the mechanism works as intended. What you've presented is a matter of opinion rather than any concrete example as to why the proposed solution is insecure.
--
Jonathan Chen <[EMAIL PROTECTED]>