Firewall functions: IPTABLES
udp 17 20 src=192.168.1.2 dst=192.168.1.5 sport=137 dport=1025 [UNREPLIED]
src=192.168.1.5 dst=192.168.1.2 sport=1025 dport=137 use=1
When the server notices a reply to the packet, the connection becomes ESTABLISHED.
The wait time between the NEW and ESTABLISHED states is determined by the udp_timeout parameter,
whose default value is 30 seconds.
As soon as a flow of UDP packets belonging to the same session has been seen in both directions (the
packets are a legitimate reply to the packet that was sent), the status becomes ASSURED and the
timeout for this status is set by the udp_timeout_stream parameter, whose default value is 180 seconds.
udp 17 170 src=192.168.1.2 dst=192.168.1.5 sport=137 dport=1025
src=192.168.1.5 dst=192.168.1.2 sport=1025 dport=137 [ASSURED] use=1
If the connection is not used for 180 seconds, the entry is removed from the table. Whenever a packet
crosses the firewall and is accepted, the timeout timer is reset to its default value.
ICMP connections
ICMP is not a stateful protocol, since it never establishes connections. However, some ICMP
message types generate return packets, and as a consequence they can take the NEW and
ESTABLISHED states. An example is the Echo Request / Echo Reply pair used by the ping command:
the ICMP Echo Request is considered NEW by the firewall, while the Echo Reply causes the transition
to the ESTABLISHED state.
icmp 1 25 src=192.168.1.6 dst=192.168.1.10 type=8 code=0 id=33029
[UNREPLIED] src=192.168.1.10 dst=192.168.1.6 type=0 code=0 id=33029 use=1
The format of the entry differs from that of TCP and UDP entries. Three new fields appear:
type: ICMP type
code: ICMP code
id: ICMP id
Each ICMP packet carries an ID which is set when it is sent. When the message is received, the same ID is
placed in the reply message, so that the sender can associate the reply with the message it sent. As can
be seen, the expected-reply part of the entry lists the expected type and code together with the
sender's ID.
The connection is considered established as soon as the reply message is seen. However,
since no further legitimate messages can belong to this connection after the reply, the entry
is then destroyed.
The ICMP request entry has a lifetime of 30 seconds, set by the icmp_timeout parameter.
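As an added illustration (not part of the original text), the following parser reads entries in the ip_conntrack line format shown above and derives the state described here from the [UNREPLIED] and [ASSURED] flags; the sample table is constructed from the three entries in the text, and it assumes the older format without the leading address-family columns that /proc/net/nf_conntrack adds.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the ip_conntrack line format shown in the text (one entry
# per line; the text wraps them). /proc/net/nf_conntrack adds a leading "ipv4 2".
SAMPLE_TABLE = """\
udp 17 20 src=192.168.1.2 dst=192.168.1.5 sport=137 dport=1025 [UNREPLIED] src=192.168.1.5 dst=192.168.1.2 sport=1025 dport=137 use=1
udp 17 170 src=192.168.1.2 dst=192.168.1.5 sport=137 dport=1025 src=192.168.1.5 dst=192.168.1.2 sport=1025 dport=137 [ASSURED] use=1
icmp 1 25 src=192.168.1.6 dst=192.168.1.10 type=8 code=0 id=33029 [UNREPLIED] src=192.168.1.10 dst=192.168.1.6 type=0 code=0 id=33029 use=1
"""

@dataclass
class Entry:
    proto: str
    timeout: int      # seconds left before the entry is removed from the table
    original: dict    # tuple as seen from the initiator (ports or type/code/id)
    reply: dict       # tuple the firewall expects the reply to carry
    flags: set

    @property
    def state(self) -> str:
        if "UNREPLIED" in self.flags:
            return "NEW"          # only the first direction has been seen
        if "ASSURED" in self.flags:
            return "ASSURED"      # both directions seen, stream timeout applies
        return "ESTABLISHED"      # reply seen, entry not yet assured

def parse_entry(line: str) -> Entry:
    tokens = line.split()
    proto, timeout = tokens[0], int(tokens[2])   # tokens[1] is the protocol number
    tuples, flags, idx = [{}, {}], set(), -1
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            flags.add(tok[1:-1])             # [UNREPLIED] / [ASSURED]
        elif "=" in tok:
            key, val = tok.split("=", 1)
            if key == "src":
                idx += 1                     # every src= opens a new tuple
            if key != "use":                 # reference count, not part of a tuple
                tuples[idx][key] = val
    return Entry(proto, timeout, tuples[0], tuples[1], flags)

def parse_table(text: str) -> list:
    return [parse_entry(ln) for ln in text.splitlines() if ln.strip()]

def new_entries_by_source(entries: list) -> Counter:
    # NEW (unreplied) entries per initiator: many from one source means table pressure
    return Counter(e.original["src"] for e in entries if e.state == "NEW")
```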