Firewall, SPI ...
guest
April 8th, 2009, 07:58 PM
Just wondering... If I set a rule in ESS that is only for outgoing connections, what aspects of incoming packets does the firewall look at to see if it is part of an existing one? The IP? The port numbers? The sequence number?...
Also, not about ESS but I have some NAT routers with SPI... If I understand, they check the IP, the ports and the sequence number of a connection to see if it is valid, right? Is it the same thing as using ESS in automatic mode? (of course without the virus protection...)
Thanks
Alex
guest
April 9th, 2009, 10:28 AM
nobody knows???...
wrathchild
April 10th, 2009, 08:41 PM
From what I saw here, you'll hardly receive any technical answers (from developers or mods) regarding the firewall in ESS.
I guess the firewall in ESS doesn't have SPI (stateful packet inspection) capability.
guest
April 11th, 2009, 08:17 PM
-{ Quote: "From what I saw here, you'll hardly receive any technical answers (from developers or mods) regarding the firewall in ESS.
I guess the firewall in ESS doesn't have SPI (stateful packet inspection) capability." }-
Wow... no technical answers in the official ESET forum... ??? Any reason for that? It seems to be THE place for it?
Anyway... I think I will be looking to buy another firewall...
wrathchild
April 11th, 2009, 08:52 PM
-{ Quote: "Wow... no technical answers in the official ESET forum... ??? Any reason for that? It seems to be THE place for it?" }-
Well, not always, but usually there are no straight answers to tough questions (you can browse through older posts and see for yourself 8) )
-{ Quote: "Anyway... I think I will be looking to buy another firewall..." }-
If you are looking for a firewall without hard-coded rules, that's a good move.
guest
April 12th, 2009, 12:03 AM
-{ Quote: "Well, not always, but usually there are no straight answers to tough questions (you can browse through older posts and see for yourself 8) )
If you are looking for a firewall without hard-coded rules, that's a good move." }-
Well, actually, ESS does have a lot of sort of hard-coded rules but they can be disabled (not deleted)
Anyway... I don't think my question is very tough... I mean... How does the firewall know that a packet is part of an existing connection (in the case of an outgoing only rule)...
There are 3 options! It could be looking at the port only, performing a sort of port translation. So everything that comes back to that port is believed to be part of this connection...
It could also look at the IP... But in that case, only 1 application would be able to access a particular IP at a given time...
So... It could be using both... is it that?
And for the SPI... it is not very hard again... Does it include a kind of SPI? Yes or no...
Anyway...
Thanks
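Added example, not written by any poster in this thread and not a description of ESS internals: a minimal sketch of how a generic stateful (SPI) filter can match return traffic for an outgoing-only rule, keyed on both IPs and both ports and followed by a simplified sequence/ack window check. The names `Packet` and `StateTable`, the 65535-byte window and the sample addresses are assumptions made for illustration.

```python
from collections import namedtuple

WINDOW = 65535  # assumed acceptance window in bytes; real filters track the advertised window
MOD = 2 ** 32   # TCP sequence numbers wrap at 32 bits

# src/dst are IPs, sport/dport are ports, length is payload bytes, syn consumes one sequence number
Packet = namedtuple("Packet", "src sport dst dport seq ack length syn", defaults=(0, 0, 0, False))

def _next_seq(p):
    return (p.seq + p.length + (1 if p.syn else 0)) % MOD

class StateTable:
    """Outgoing-only policy: inbound TCP passes only if it matches tracked state."""

    def __init__(self):
        self.conns = {}  # (local ip, local port, remote ip, remote port) -> state

    def outbound(self, p):
        state = self.conns.setdefault((p.src, p.sport, p.dst, p.dport), {"rcv_next": None})
        state["snd_next"] = _next_seq(p)  # highest byte the remote side may acknowledge

    def inbound(self, p):
        # Look up the reversed 4-tuple: both IPs and both ports must match.
        state = self.conns.get((p.dst, p.dport, p.src, p.sport))
        if state is None:
            return "drop: no matching connection"
        # The ACK must not acknowledge data the local host never sent.
        if (state["snd_next"] - p.ack) % MOD > WINDOW:
            return "drop: ack outside window"
        # Once the remote sequence is learned, new segments must fall inside the window.
        if state["rcv_next"] is not None and (p.seq - state["rcv_next"]) % MOD > WINDOW:
            return "drop: seq outside window"
        state["rcv_next"] = _next_seq(p)
        return "accept"

def demo():
    # Constructed packets using documentation address ranges, not captured traffic.
    fw = StateTable()
    fw.outbound(Packet("192.168.1.10", 50000, "203.0.113.5", 80, seq=1000, syn=True))
    local = ("192.168.1.10", 50000)
    return [
        fw.inbound(Packet("203.0.113.5", 80, *local, seq=7000, ack=1001, syn=True)),
        fw.inbound(Packet("203.0.113.5", 8080, *local, seq=7001, ack=1001)),   # right IP, wrong port
        fw.inbound(Packet("198.51.100.9", 80, *local, seq=7001, ack=1001)),    # right port, wrong IP
        fw.inbound(Packet("203.0.113.5", 80, *local, seq=90000000, ack=1001)), # right tuple, wild seq
    ]
```

Because the table is keyed on the full 4-tuple, two applications on the same host can talk to the same remote IP at once: each uses a different local port and gets its own entry.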
Copyright ©2002 - 2012, Wilders Security Forums