Here are two simple rulesets:
Code:
10 allow tcp from any to any established
20 allow tcp from any to any 22
65535 deny ip from any to any
OR:
Code:
10 allow tcp from any to any established
20 allow tcp from any to any 22 setup
65535 deny ip from any to any
The difference is that the second ruleset has 'setup' modifying the rule that lets in the traffic we want.
From what I can tell, in actual day-to-day use, these two rulesets behave identically.
Am I correct:
I *think* the difference between these is that the second ruleset (with 'setup') is slightly stricter, because TCP *fragments* that are not part of any connection would be allowed through the first ruleset but would be blocked by the second ruleset.
Because only a TCP fragment would be *neither* part of connection setup *nor* part of an established connection.
Is that correct?