  • Post category: Blog
  • Post last modified: June 12, 2024

How can the established keyword in an ACL entry be used?

  • to permit only the returning TCP packets from an already existing TCP connection, and deny the initial TCP packet of a new session from an untrusted network
  • to permit both the initial TCP packet of a new session and the returning TCP packets from an existing TCP connection
  • to permit only the initial TCP packet of a new session
  • to change a router into a true stateful firewall controlling the access on a session-by-session basis
Explanation & Hint:

The established keyword in an Access Control List (ACL) entry can be used:

To permit only the returning TCP packets from an already existing TCP connection, and deny the initial TCP packet of a new session from an untrusted network.

This keyword is used in extended ACLs to allow return traffic from outside to inside on TCP connections that were initiated from the inside. It matches only packets that have the ACK or RST bit set in the TCP header; these bits are set in packets belonging to an existing connection but not in the initial SYN packet that tries to open a new one. Because it only inspects flag bits in each packet and keeps no record of connections, it does not turn the router into a true stateful firewall.

For more Questions and Answers:

Network Security Post-Assessment | CBROPS
