[solved] Ping does it establish a connection? no

schmeggahead · Last edited by schmeggahead on Mon May 25, 2009 2:30 pm; edited 1 time in total

From shorewall's standpoint, if I allow one system to ping another, will that allow any subsequent communication if I have allows established connections?

(When I added dhcpd, it seems to be pinging the dns server and going back for a renew of the lease if the ping is not allowed).

aceFruchtsaft · Posted: Fri Apr 24, 2009 9:51 pm Post subject:

Of course not. That would defeat the purpose of a firewall if you were allowed to connect to any services after establishing a connection to some service which is permitted.

Statefull packet inspection matches established connections according to at least the layer 4 protocol (TCP, UDP, ICMP) and the source and destination ports and addresses used.
For example, on a statefull firewall which blocks all incoming and outgoing traffic except for SSH (port 22), if you connect from 192.168.0.2:5000 to an ssh server at 192.168.0.1:22 then the TCP
connection from 192.168.1.2:5000 <-> 192.168.0.1:22 is considered established and the firewall passes through packets belonging to this connection without a specific outbound rule which permits this.

Still, the firewall would not allow you to ping 192.168.0.1 from 192.168.0.2 even if the ssh connection is established.

magic919 · Posted: Sat Apr 25, 2009 8:39 am Post subject:

defenderBG · l33t Joined: 20 Jun 2006 Posts: 817

is layer 3, because it is part of the ip (l3)
ICMP [1] relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute.
http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

aceFruchtsaft · Posted: Sat Apr 25, 2009 8:50 am Post subject: