[Firehol-support] Netmeeting?

Costa Tsaousis costa at tsaousis.gr
Wed Feb 5 00:48:51 CET 2003


Hi Scott,

To firewall H323 in a stateful way there must exist an iptables kernel
module capable of doing this, because H323 requires the client to have
the port range 1024 to 65535 completely open on TCP and UDP (RTP).

The developers of iptables already have an iptables module for this
purpose that most probably will make it into some future kernel version.

See:

http://www.iptables.org/documentation/pomlist/pom-extra.html#h323-conntrack-nat

Until then, you can configure FireHOL to support H323 by allowing the
required traffic to flow on all possible ports, but please understand that
this will be a huge security hole.

Kind regards

Costa Tsaousis

Scott MacKay said:
> Hello!
>     I was wondering, how hard would it be to make a
> Netmeeting (H323) stateful service?  I am interested
> in detecting this type of traffic and then marking it
> (MARK) so I can identify it in a custom queue (QUEUE)
> module.  It does seem that you can do some stateful
> stuff, and I was wondering if it is possible using
> firehol.  Thanks in advance!!
>
> -Scott MacKay