There is the shortcut described, but the function, too!
The stateful firewall depends on the three-way handshake of the TCP protocol when the protocol being used is TCP; when the protocol is UDP, the stateful firewall does not depend on anything related to TCP. When a client initiates a new connection, it sends a packet with the SYN bit set in the packet header. All packets with the SYN bit set are considered by the firewall as NEW connections. If the service which the client has requested is available on the server, the service will reply to the SYN packet with a packet in which both the SYN and the ACK bit are set. The client will then respond with a packet in which only the ACK bit is set, and the connection will enter the ESTABLISHED state. Such a firewall will pass all outgoing packets through but will only allow incoming packets if they are part of an ESTABLISHED connection, ensuring that hackers cannot start unsolicited connections with the protected machine.
That's what the SPI firewall in DD-WRT and other software does.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
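The connection tracking described in the post above, as an added example that is not part of the original thread: a minimal Python model of a stateful filter run over a constructed packet trace. The class, the state names and the addresses are assumptions for illustration; timeouts, sequence-number checks, FIN/RST handling and UDP are left out.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to WAN, "in" = WAN to LAN
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)
    flags: int

class StatefulFirewall:
    """Hypothetical model: tracks connections keyed by (inside, outside) endpoint."""
    def __init__(self):
        self.table = {}

    def filter(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.dst)
            if pkt.flags == SYN:                        # client opens: NEW
                self.table[key] = "NEW"
            elif pkt.flags & ACK and self.table.get(key) == "SYN_ACK_SEEN":
                self.table[key] = "ESTABLISHED"         # handshake completed
            return "ACCEPT"                             # outgoing always passes
        key = (pkt.dst, pkt.src)
        state = self.table.get(key)
        if state is None:
            return "DROP"                               # unsolicited: no reply sent
        if state == "NEW":
            if pkt.flags == SYN | ACK:                  # the server's expected reply
                self.table[key] = "SYN_ACK_SEEN"
                return "ACCEPT"
            return "DROP"
        return "ACCEPT"                                 # part of a tracked connection

def demo():
    # Constructed sample trace (documentation address ranges).
    fw = StatefulFirewall()
    client, server = ("192.168.1.10", 50000), ("198.51.100.7", 443)
    stranger = ("203.0.113.9", 4444)
    trace = [
        Packet("out", client, server, SYN),
        Packet("in", server, client, SYN | ACK),
        Packet("out", client, server, ACK),
        Packet("in", server, client, ACK),    # data on the established connection
        Packet("in", stranger, client, SYN),  # unsolicited connection attempt
        Packet("in", stranger, client, ACK),  # ACK that matches no table entry
    ]
    return [fw.filter(p) for p in trace], fw.table
```
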
No, it is not useless. It gives you a "perfect stealth" rating with GRC Shields Up, unless you forward ports or otherwise open them (e.g. with UPnP).
It greatly improves computer security, seeing that your devices are always behind at least one firewall.
_________________
Asus RT-N16 running Merlin fork RT-N16_184.108.40.206_374.43_2-11E1j9527.trx with entware, formerly used Kong 22000++ kingkong-nv32k-broadcom with OTRW2
I don't say they solve everything, but open ports are invitations to hammering and further attacks. GRC Shields Up gives a perfect stealth status when it has no portscan evidence that anything like a computer or router exists behind your IP. Of course, torrents and servers will reveal your IP, as ordinary web surfing also does (to the websites you access).
_________________
Asus RT-N16 running Merlin fork RT-N16_220.127.116.11_374.43_2-11E1j9527.trx with entware, formerly used Kong 22000++ kingkong-nv32k-broadcom with OTRW2
You mean non-stealth ports? As the ports would still be closed due to NAT.
Yes, I meant non-stealth ports. GRC Shields Up marks them in red and says they're open ports. It says the ports are closed if it is still able to see them, and they are stealth if it finds no evidence of the existence of such a port. Perfect stealth means that the router does not answer ping and the GRC scanner finds no evidence that a computer/router exists at that IP.
_________________
Asus RT-N16 running Merlin fork RT-N16_18.104.22.168_374.43_2-11E1j9527.trx with entware, formerly used Kong 22000++ kingkong-nv32k-broadcom with OTRW2