rsblanchard wrote: Sometimes, in the historical-sidebar-notes to a rule involving incoming UDP-datagrams to a specific port, L.S. will state that the datagrams couldn't be blocked, because UDP is a "connectionless-protocol".
My system doesn't say connectionless datastreams can't be blocked, but "cannot be paused". I think this means that LS can't put up a connection alert and wait for an answer. It has to either a) already have a rule, or b) automatically decide to allow or block.
Incoming UDP datagrams certainly can be blocked, although precisely what this means is somewhat different because the built-in firewall will have already seen them before they get to LS. Here's an older thread, different subject but might help with understanding what's going on. viewtopic.php?f=1&t=6936&p=22452
... and, what is a "stealth" UDP connection, as seen in my log? (And, why is it called a "connection", because UDPs don't make a connection?)
This is the built-in firewall at work. "Stealth" means the firewall didn't reply with "this port is closed" (or something else) but ignored the communication and made no reply. LS has no part in it.
Why is it called a "connection"? I don't know, it's Apple's language. Seems to me to be a matter of definition and interpretation. For example, someone sends a ping (also connectionless) and wants a reply; that could be called a type of connection, no? Imprecise language, I think, nothing more.
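Added example, not part of the posts above: a loopback-only Python sketch of what a UDP sender observes when a port is closed (the host answers with ICMP "port unreachable"), when the datagram is silently ignored (what a stealth drop looks like from outside), and when a service replies. The function names and the three test sockets are constructed for illustration; the never-answering socket is an assumed stand-in for a firewall drop.

```python
import socket
import threading

def probe_udp(host, port, timeout=0.5):
    """Send one datagram and report what the sender can observe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it fixes the peer so the OS
        # reports an ICMP "port unreachable" for it on this socket.
        s.connect((host, port))
        try:
            s.send(b"probe")
            s.recv(1024)
            return "replied"
        except ConnectionRefusedError:
            return "closed"   # the host answered "this port is closed"
        except socket.timeout:
            return "silent"   # no answer at all: dropped, or simply ignored

def _bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))             # loopback only, OS-chosen port
    return s, s.getsockname()[1]

def _echo_once(sock):
    try:
        data, addr = sock.recvfrom(1024)
        sock.sendto(data, addr)
    except OSError:
        pass

def demo():
    """Constructed loopback test: three ports, three outcomes."""
    tmp, closed_port = _bound_socket()
    tmp.close()                          # nothing listens here any more
    quiet, quiet_port = _bound_socket()  # stand-in for a stealth drop: never replies
    echo, echo_port = _bound_socket()
    threading.Thread(target=_echo_once, args=(echo,), daemon=True).start()
    try:
        return {
            "closed port": probe_udp("127.0.0.1", closed_port),
            "dropped/ignored": probe_udp("127.0.0.1", quiet_port),
            "answering service": probe_udp("127.0.0.1", echo_port),
        }
    finally:
        quiet.close()
        echo.close()

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A "silent" result cannot tell a firewall drop apart from a listening service that chooses not to answer, which is why a stealthed port reveals less than one that reports itself closed.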