5 Jan 2010, 4:18 p.m.
Jason Shearer wrote:

> Doesn't using the established allow any packet with ACK/RST set?

Yes, as would be expected for legitimate return traffic for a TCP connection initiated from a browser inside the firewall.

> and wouldn't you have to allow all high ports?

That's what the ">" is for. Cisco syntax "gt" (greater than). The point is that either of these will deny unsolicited new connection attempts from the outside to TCP 22 (and 445, 135, etc.)

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
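To make the two rule styles discussed in this thread concrete, here is a small stateless ACL evaluator in Python. It is an added example written for this page, not code from either poster or from Cisco; the rule encoding (`established`, `dport_gt`), the `Packet` class and the three sample packets are constructed for illustration. It shows that both an `established`-style rule and a `gt 1023` rule deny an unsolicited inbound SYN to TCP 22 while permitting the SYN/ACK that comes back to a browser's high port, and it also shows the limitation Jason asked about: a stateless `established` match keys only on the ACK/RST bits, which is why a stateful firewall (connection tracking) is the stronger control where one is available.

```python
"""Toy stateless packet-filter evaluator (constructed example, not Cisco IOS).

Each rule is a dict.  Cisco-style semantics modelled here:
  - first matching rule wins, with an implicit "deny" at the end of the list
  - "established" matches any TCP segment with ACK or RST set (no state kept)
  - "dport_gt" matches destination ports strictly greater than the value
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal view of an inbound packet as a stateless filter sees it."""
    proto: str          # "tcp" or "udp"
    sport: int          # source port
    dport: int          # destination port
    syn: bool = False
    ack: bool = False
    rst: bool = False


# Rule set 1: "permit tcp any any established" style (constructed encoding)
ACL_ESTABLISHED = [
    {"action": "permit", "proto": "tcp", "established": True},
    {"action": "deny", "proto": "ip"},
]

# Rule set 2: "permit tcp any any gt 1023" style (constructed encoding)
ACL_HIGH_PORTS = [
    {"action": "permit", "proto": "tcp", "dport_gt": 1023},
    {"action": "deny", "proto": "ip"},
]


def rule_matches(rule: dict, pkt: Packet) -> bool:
    """Return True if every predicate on the rule is satisfied by the packet."""
    if rule["proto"] != "ip" and rule["proto"] != pkt.proto:
        return False
    # Stateless "established": only the ACK/RST flag bits are inspected.
    if rule.get("established") and not (pkt.ack or pkt.rst):
        return False
    if "dport_gt" in rule and not pkt.dport > rule["dport_gt"]:
        return False
    return True


def evaluate(acl: list, pkt: Packet) -> str:
    """First-match evaluation with the implicit trailing deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"


# Constructed sample traffic as seen on the outside-facing interface (inbound).
INBOUND_SYN_TO_SSH = Packet("tcp", sport=40000, dport=22, syn=True)
RETURN_SYN_ACK = Packet("tcp", sport=80, dport=51234, syn=True, ack=True)
BARE_ACK_TO_SSH = Packet("tcp", sport=40000, dport=22, ack=True)


def summarize() -> dict:
    """Decision of each ACL for each sample packet, keyed by (acl, packet)."""
    acls = {"established": ACL_ESTABLISHED, "gt1023": ACL_HIGH_PORTS}
    pkts = {"syn_to_22": INBOUND_SYN_TO_SSH,
            "return_synack": RETURN_SYN_ACK,
            "bare_ack_to_22": BARE_ACK_TO_SSH}
    return {(a, p): evaluate(acl, pkt)
            for a, acl in acls.items() for p, pkt in pkts.items()}


if __name__ == "__main__":
    for (acl_name, pkt_name), decision in sorted(summarize().items()):
        print(f"{acl_name:12s} {pkt_name:15s} -> {decision}")
```

Both rule sets deny the unsolicited SYN to port 22 and permit the return SYN/ACK, which is Jay's point. The third packet is the one Jason's question is about: the stateless `established` rule permits any segment carrying ACK, whereas the `gt 1023` rule still denies it because port 22 is not a high port. Neither stateless style tracks the handshake, so where the platform offers connection tracking (a stateful inspection feature), that is the control to prefer, with these ACLs as a fallback.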