
IP Inspect command query


Gazzbut

Hi,

I'm studying for ISCW at the moment and have a question related to the ip inspect rule.

If I enter ip inspect NAME tcp this should allow all tcp traffic via the interface it is applied to. That being the case, why would I then need to add in any other protocols? For example, ip inspect NAME esmtp?

Surely once the generic tcp rule is entered all protocols above the transport layer are being allowed making the second rule redundant?

If somebody could point out what I'm getting wrong here that would be grand!

Cheers
Gaz
 
It inspects the protocols, not allows them. The ACL that CBAC works with is what allows/denies protocols.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
You would add inspect ftp and inspect esmtp and such to handle higher-level inspection of those protocols.

In the case of ftp, it's not just 1 port that it uses, and without the higher level of inspection (or deeper level, whatever) it won't work properly.


Bill
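
An added example, not part of the original thread and not Cisco's code: a toy Python model of the point made in the replies above, where the ACL denies inbound traffic and inspection only opens temporary return paths. The class, function names and addresses are constructed for illustration; it shows that generic tcp inspection passes the FTP control session but not the active-mode data connection, which is only opened once the PORT command is parsed.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 -> client IP h1.h2.h3.h4, port p1*256 + p2 (RFC 959)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")


def parse_port(line):
    """Return (ip, port) advertised by an FTP PORT command, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


class Inspector:
    """Toy model: the inbound ACL denies all; inspection adds temporary permits."""

    def __init__(self, inspect_ftp=False):
        self.inspect_ftp = inspect_ftp  # False models "tcp" only, True adds "ftp"
        self.permits = set()            # (src_ip, src_port, dst_ip, dst_port)

    def outbound(self, src, sport, dst, dport, payload=""):
        """Inside host sends a segment out; record the state inspection keeps."""
        self.permits.add((dst, dport, src, sport))  # return path of this session
        if self.inspect_ftp and dport == 21:
            adv = parse_port(payload)
            if adv and adv[0] == src:  # honour only the client's own address
                # Active mode: the server connects from port 20 to that port
                self.permits.add((dst, 20, adv[0], adv[1]))

    def inbound_allowed(self, src, sport, dst, dport):
        """Outside-to-inside segment passes only if a temporary permit matches."""
        return (src, sport, dst, dport) in self.permits


def demo(inspect_ftp):
    """Return (control reply allowed, data connection allowed) for one session."""
    fw = Inspector(inspect_ftp)
    client, server = "10.0.0.5", "198.51.100.7"  # constructed sample addresses
    fw.outbound(client, 40000, server, 21, "PORT 10,0,0,5,195,80\r\n")
    control_reply = fw.inbound_allowed(server, 21, client, 40000)
    data_channel = fw.inbound_allowed(server, 20, client, 195 * 256 + 80)
    return control_reply, data_channel


if __name__ == "__main__":
    print("tcp only:", demo(False), "| tcp + ftp:", demo(True))
```
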
 