LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Firewall Overhead.

[ILUG] Firewall Overhead.

David Murphy drjolt+ilug at redbrick.dcu.ie
Tue Jun 27 21:03:31 IST 2000 

Quoting <Pine.LNX.4.21.0006271809000.3203-100000 at rossi.itg.ie>
by Paul Jakma <paulj at itg.ie>:

> > No, ip_masq modules are not stateful firewalls.  These are application
> > specific transparent proxies.
> 
> that's the problem with 'stateful'. To me that term covers a very broad
> range of firewall types. 

Fair enough - the general usages, as I understand them, are:

Packet filter: Looks at each IP packet on its own merits.
Example: router/switch ACL.

Stateful inspector: Looks at each IP packet in context.
Example: ipfilter [1], Checkpoint Firewall-1 [2]

Application proxy: Looks at application packets.
Example: TIS fwtk [3], squid [4]

> > It's nice to see what I presume to be a grown man resort to
> > calling people trolls when his credentials are brought into
> > question.

> so what are your credentials? i called you a /possible/ troll after
> you said i was a "conjecturer" and that you were "more likely to be
> more correct",

Neither of you have flashed any credentials at anybody - why one of
you gets accusations of trolling thrown at them, aside from upset at
Linux being dissed, is beyond me.

> yet you offered no credentials to back this up apart from some net
> flight list mail. (however we've also seen a link to a post from
> alexy kutznekov absolutely refuting the nfr claims).

I can be sure that a Linux developer is biased towards Linux - it's
partly their own work after all. I can't be certain that NFR is biased
against Linux, and am very much inclined to think they are OS-agnostic
- indeed, they recommend different OSes for their Intrusion Detection
Appliance and Central Station, despite the additional costs of
supporting different OSes from a development perspective. Very, very,
very few companies who can get away with supporting one OS choose to
support two.

> note the /possible/, if you weren't trolling then at the very least
> you need to calm down a little and try discuss things in a more
> considered and less aggressive manner.

[1] http://coombs.anu.edu.au/~avalon/ip-filter.html

[2] http://www.checkpoint.com/products/firewall-1/index.html

[3] http://www.tis.com/fwtk/

[4] http://www.squid-cache.org/

-- 
When asked if it is true that he uses his wheelchair as a weapon he will reply:
"That's a malicious rumour. I'll run over anyone who repeats it."
Stephen Hawking - [http://www.smh.com.au/news/0001/07/features/features1.html]
David Murphy - For PGP public key, send mail with Subject: send-pgp-key

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell