On Tue, 27 Jun 2000, David Murphy wrote:
> You said:
>> So you actually said that you thought Linux didn't have stateful
> inspection as it didn't belong in kernel space.
i was wrong, as i often am. but that's why i'm on this list, to
learn. people say stuff, if they're wrong they are hopefully corrected and
they and the list learn from it. If they're right, the list learns.
> kernel, hence they hadn't put it in. However, you seem to have changed
> your opinion of their opinion:
wow.. really have to watch your words when talking to you. To be
specific:
my personal opinion that stuff like filtering should be in kernel is
unchanged. my preferred way of implementing filtering in userland is by
using application proxies such as squid, or by implementing other local
network services such as sendmail, DNS, such that local clients do not
have to access outside stuff.
> > > The Linux kernel developers seem to disagree with you.
> > good for them. they know better than i do.
> No argument here.
you should be a lawyer. clever statement that, you know there's no way i
can disagree, eg: "actually yes i do know better than the kernel
developers" :).
> So, we can categorically state that it was a machine, and had RAM in
> it.
a hefty amount of it.
> If the kernel isn't forwarding any packets, how are they getting from
> the internal interface to the external interface?
>
userland would have to do the forwarding, or else the packet interface
would have to be: "don't forward unless userland says so". i gather from
Poo it's not like that in current implementations.
> Nearly everything is dynamically loaded into the kernel.
nifty.. still slow though. :)
anyway... most of this is going in circles now, so let's leave the "you
said he said they said" stuff. I am genuinely interested in hearing about
how current packet filter interfaces work though.
regards,
Paul Jakma.