
Stateful UDP

UDP is stateless, so naturally it is a bit harder to do a reliable job of keeping state on it. Nonetheless, ipf does a pretty good job. When machine A sends a UDP packet to machine B with source port X and destination port Y, ipf will allow a reply from machine B to machine A with source port Y and destination port X. This is a short term state entry, a mere 60 seconds.

Here's an example of what happens if we use nslookup to get the IP address of www.3com.com:
$ nslookup www.3com.com
A DNS packet is generated:
17:54:25.499852 > 51979+
The packet is from, port 2111, destined for, port 53. A 60 second state entry is created. If a packet comes back from port 53 destined for port 2111 within that period of time, the reply packet will be let through. As you can see, milliseconds later:
17:54:25.501209 > 51979 q: www.3com.com
The reply packet matches the state criteria and is let through. At the same moment that packet is let through, the state gateway closes and no new incoming packets will be allowed in, even if they claim to come from the same place.
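To make the behaviour above concrete, here is a small Python model of the short-lived UDP state entry just described: an outbound packet opens an entry for the reverse four-tuple, the entry lives 60 seconds, and it closes as soon as one matching reply passes. This is an added illustration, not ipf's own code; the IP addresses are constructed placeholders, while the ports (2111 and 53) and the 60 second lifetime come from the text.

```python
from dataclasses import dataclass

UDP_STATE_TTL = 60.0  # lifetime of a UDP state entry, in seconds (from the text)


@dataclass(frozen=True)
class Flow:
    """One UDP packet's addressing: src:sport -> dst:dport."""
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        # The reply ipf expects: B:Y -> A:X for an outbound A:X -> B:Y
        return Flow(self.dst, self.dport, self.src, self.sport)


class UdpStateTable:
    """Minimal model of ipf's UDP state handling (not ipf's implementation)."""

    def __init__(self) -> None:
        self._entries: dict[Flow, float] = {}  # outbound flow -> expiry time

    def outbound(self, flow: Flow, now: float) -> None:
        # An outbound UDP packet creates (or refreshes) a 60 second entry.
        self._entries[flow] = now + UDP_STATE_TTL

    def inbound(self, flow: Flow, now: float) -> bool:
        """True if this inbound packet matches an open entry; the entry closes on use."""
        key = flow.reverse()
        expiry = self._entries.pop(key, None)
        if expiry is None:
            return False          # no state, or already consumed by an earlier reply
        return now <= expiry      # stale entries are dropped even if they still existed


if __name__ == "__main__":
    # Constructed sample: the nslookup query from port 2111 to port 53
    table = UdpStateTable()
    query = Flow("192.0.2.10", 2111, "198.51.100.53", 53)
    table.outbound(query, 0.0)
    reply = query.reverse()
    print("first reply (ms later):", table.inbound(reply, 0.0014))   # True
    print("second packet, same source:", table.inbound(reply, 0.002))  # False, gateway closed
```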