Any device on your local segment will require ARP. The SYN bit is also set in the syn-ack. That's about it. Only if you have a specific...
It's a bit more complicated than that. I guess you can safely leave that feature on. These people do not understand the fact that...
Correct. Gratuitous ARP replies. Many reasons. If you run a network trace, chances are you will often see legitimate fragmentation. It is...
Assuming each network interface has a list of static rules, state options enabled and payload rules attached to a traffic stream the following...
Ingress / Egress ACLs are usually implemented at the perimeter (router, fw, etc.). An Internet-facing TCP application (e.g. web server) may also...
It is a stable beta. ;) Regards, Stefan
Arup, The tester shows the config at: http://www.firewall-test.net/chxi/index.html The "load test" fails when the only thing enabled is...
Moreover: Does the firewall detect and ignore fixed source ports (wrong choice of words again)? nmap -sS -g xx is a trivial test for a...
Much obliged for the effort. However - it is not a positive result for chx I am looking after... Any third-party testing is more than welcome -...
As I have stated before - it would be of great help to those who are trying to reproduce your tests if you can actually post the configuration of...
I am really happy our code mutated itself and learned how to deal with your "taffic blocking" test: "Traffic Blocking Test Can "Firewall"...
Chances are you'd want to stick with your current solution. CHX is a network tool. Unaware of user-space applications. Best Regards, Stefan.
Triggers are "dormant" filters activated by payload events. For instance, if you create a trigger Force Allow incoming dstport = 123, you can...
Hello, As far as I know - there is no reason non-commercial license CHX policies should change with the 3.0. We'll try to include as many...
Good things come to those who wait.... ;) XMas sounds good ! Best Regards, Stefan.
If you are using the Allow base rule set you must add a rule allowing ARP: Allow Incoming Eth Type= ARP any any The general rule of thumb is...
You can use chx to accomplish that (see payload section): http://www.idrci.net/chx_beta/html/index.html Downloads are here:...
September sounds good - not 2005 though... ;) Seriously - we are doing our best to iron out all driver issues before signing it and releasing a...
You do not need the NAT module unless: a). you are configuring a gateway b). you have a server needing port splicing The 2.x documentation...
One must be careful when using Force Allow within the context of UDP/ICMP pseudo-state. As you know - a force allow trumps the UDP/ICMP...
Although it makes no sense to run two or more drivers performing the same function, there are specific circumstances that would allow for peaceful...
Perhaps the documentation is somewhat confusing and it needs some polishing. TCP state options are applied on all traffic traversing the...
You are correct (except for the bug free part.... ;) ). CHX is still in beta until we reach a 2.x quality with the new drivers. Until then -...
It is trivial for any process with root rights to do so: "net stop flthook" Of course you can make the driver unstoppable but that just...
I am no expert - by any means... but this is what I mean: - user Bob (or Alice to be politically correct) installs minesweeper version 9.8. And...