LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Firewall Overhead.

[ILUG] Firewall Overhead.

Paul Jakma paulj at itg.ie
Tue Jun 27 17:23:19 IST 2000 

On Tue, 27 Jun 2000, David Murphy wrote:

> You said:
> 
> So you actually said that you thought Linux didn't have stateful
> inspection as it didn't belong in kernel space.

i was wrong, as i often am. but that's why i'm on this list, to
learn. people say stuff, if they're wrong they are hopefully corrected and
they and the list learn from it. If they're right, the list learns.

> kernel, hence they hadn't put it in. However, you seem to have changed
> your opinion of their opinion:
> 
wow.. really have to watch your words when talking to you. To be
specific: 

my personal opinion that stuff like filtering should be in kernel is
unchanged. my preffered way of implementing filtering in userland is by
using application proxies such as squid, or by implementing other local
network services such as sendmail, DNS, such that local clients do not
have to access outside stuff.

> > > The Linux kernel developers seem to disagree with you.
> > good for them. they know better than i do.
> No argument here.

you should be a lawyer. clever statement that, you know there's no way i
can disagree, eg: "actually yes i do know better than the kernel
developers" :).

> So, we can categorically state that it was a machine, and had RAM in
> it. 

a hefty amount of it. 

> If the kernel isn't forwarding any packets, how are they getting from
> the internal interface to the external interface?
> 

userland would have to do the forwarding, or else the packet interface
would have to be: "don't forward unless userland says so". i gather from
Poo it's not like that in current implementations. 

> Nearly everything is dynamically loaded into the kernel.

nifty.. still slow though. :)

anyway... most of this is going in circles now, so let's leave the "you
said he said they said" stuff. I am genuinely interested in hearing about
how current packet filter interfaces work though.

regards,

Paul Jakma.

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell