Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
119
Firewall
a dynamic one, new entries can be added continuously with the appropriate Firewall actions. Entries automatically disappear after exceeding the timeout.
• For each established connection an entry is made in the connection list, provided the checked packet has been accepted by the filter list. The connection list records from which source to which destination, over which protocol and which port a connection is currently allowed. It also records how long an entry will stay in the list and which Firewall rule is responsible for the entry. This list is very dynamic and permanently “moving”.
• The filter list is made up of the Firewall rules. The filters it contains are static and change only when Firewall rules are added, edited or deleted.
Thus all lists that the Firewall consults to check data packets are ultimately based on the Firewall rules (’Parameters of Firewall rules’ →page 125).
8.3.2 Special protocols
One important point in connection tracking is the treatment of protocols that dynamically negotiate the ports and/or addresses over which further communication takes place. Examples of such protocols are FTP, H.323 and also many UDP-based protocols. With these, further connections have to be opened in addition to the first connection. See also ’Different types of Firewalls’ →page 108.
UDP connections
UDP is actually a stateless protocol; nevertheless one can also speak of a (short-lived) connection with UDP-based protocols, since UDP mostly carries Request/Response based protocols, in which a client directs its requests to a well-known port of a server (e.g. 53 for DNS), which in turn sends its responses to the source port selected by the client:
Client port   Connection      Server port
12345         Request   →     53
12345         ←  Response     53
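The following added example (not code from the manual or from LCOS) models the two lists described above for this UDP case: a static filter list built from rules, and a dynamic connection list whose entries record source, destination, protocol, timeout and responsible rule. The DNS request creates an entry, the response to the client's chosen source port matches it, an unsolicited inbound packet and a late response are rejected; the rule names, addresses and the 20-second timeout are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    """Dynamic connection-list entry: who talks to whom, over what, until when, why."""
    src: tuple          # (ip, port) of the client that opened the connection
    dst: tuple          # (ip, port) of the server
    proto: str
    expires_at: float   # entry disappears once this time is exceeded
    rule: str           # Firewall rule responsible for the entry

class Firewall:
    UDP_TIMEOUT = 20.0  # assumed lifetime in seconds; not a value from the manual

    def __init__(self, filter_list):
        # Static filter list: (rule name, proto, destination port, action),
        # changed only when Firewall rules are added, edited or deleted.
        self.filter_list = filter_list
        self.connections = {}  # dynamic list keyed by (proto, src, dst)

    def check(self, proto, src, dst, now):
        """Return (action, rule) for one packet; src/dst are (ip, port) tuples."""
        self.connections = {k: e for k, e in self.connections.items()
                            if e.expires_at > now}            # expire old entries
        # Either direction of a tracked connection is accepted and refreshed:
        # the reply goes from the well-known server port back to the client's port.
        for key in ((proto, src, dst), (proto, dst, src)):
            if key in self.connections:
                self.connections[key].expires_at = now + self.UDP_TIMEOUT
                return "accept", self.connections[key].rule
        # Unknown packet: consult the static filter list, first match wins.
        for name, r_proto, r_port, action in self.filter_list:
            if r_proto == proto and r_port == dst[1]:
                if action == "accept":   # accepted packets create a connection entry
                    self.connections[(proto, src, dst)] = Entry(
                        src, dst, proto, now + self.UDP_TIMEOUT, name)
                return action, name
        return "reject", "default"

def dns_exchange():
    """Replay the figure's DNS exchange plus two packets it must reject (constructed)."""
    fw = Firewall([("ALLOW-DNS", "udp", 53, "accept")])
    client, server = ("10.0.0.5", 12345), ("192.0.2.53", 53)
    return [
        fw.check("udp", client, server, 0.0)[0],                 # request to port 53
        fw.check("udp", server, client, 1.0)[0],                 # response to port 12345
        fw.check("udp", server, ("10.0.0.5", 40000), 2.0)[0],    # unsolicited inbound UDP
        fw.check("udp", server, client, 30.0)[0],                # response after timeout
    ]
```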