On Thu, May 23, 2002 at 02:30:18PM -0400, Ramin Alidousti wrote:
> On Thu, May 23, 2002 at 01:04:33PM -0400, Patrick Desnoyers wrote:
> >
> > I would like to know if it is possible, when reloading the firewall script,
> > to keep the old state table and to make all connections go through the rules
> > again to see if it is still accepted.
> >
> > I just don't want to lose my connections when I change a rule... is there any
> > way I can do that? (Like in checkpoint FW1 (I think). (It keeps the old
> > state table and verifies with it to see if it was established, if so, it
> > goes through the rules and if still accepted, goes in the new state table)
>
> I believe that it's already the case. My ssh connection does not
> get killed every time I restore the rules remotely...

Actually, I even reboot the firewall machine every night and it keeps connections, even though the rules check for --state NEW *AND* tcp-flags ALL/SYN!

Simon
