Re: Filtering http packet

Graeme Slogrove (graeme@fast.co.za)
Sat, 2 Aug 1997 16:32:18 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter Evans: "Re: A recommended RADIUS configuration?"
Previous message: Mark Conway Wirt: "Re: A recommended RADIUS configuration?"
Maybe in reply to: Yohannes A Sulistyono: "Filtering http packet"
Next in thread: Robert Sanders: "Re: Filtering http packet"

On 1 Aug 97 at 15:22, Yohannes A Sulistyono wrote:

> Is this filter below enough to work properly :
>
> input filter : permit 0.0.0.0/0 202.152.0.251/32 tcp dst eq 80
> output filter : permit 202.152.0.251/32 0.0.0.0/0 tcp src eq 80

No, the returned data from the HTTP server will not come from port
80. You must all all data from that server to be returned. Don't
forget this guy won't be able to do DNS lookups either, even for the
hostname you're restricting him to.

Graeme

---
FastLight Data Distribution cc - Your Internet 'Solution' Provider
Tel +27-(0)11-706-0212                      Fax +27-(0)11-706-0812
                                           Info :  info@fast.co.za
http://www.fast.co.za                      Sales: sales@fast.co.za

Next message: Peter Evans: "Re: A recommended RADIUS configuration?"
Previous message: Mark Conway Wirt: "Re: A recommended RADIUS configuration?"
Maybe in reply to: Yohannes A Sulistyono: "Filtering http packet"
Next in thread: Robert Sanders: "Re: Filtering http packet"