[ILUG] Re: [going OT] ipfilter

From: Thomas Ribbrock (emgaron at domain gmx.net)
Date: Thu 27 Jul 2000 - 01:57:25 IST


On Wed, Jul 26, 2000 at 03:22:42AM +0100, Paul Jakma wrote:
[...]
> but i still think security is a matter of either/both:
>
> - securing the transport between 2 hosts, eg link layer encryption or
> encrypted tunnels.
>
> - application level security.
>
> stateful packet filtering just does not give you extra security over
> static inspection. (to my impaired mind).

Well, the two points you mention are certainly important as well, no
argument.

[...]
> > Whether it really is, I'll be able to tell you some time in August, as I'm
> > currently moving my Firewall/Dial-Up/Masquerading machine from Linux/ipfwadm
> > to OpenBSD/ipfilter. I'll be happy to provide first-hand experiences.
> >
>
> love to hear it. however it is my duty as a devout linux fanatic to
> point out that Linux 2.4 has iptables with 'conntrack' modules which
> will do everything you need to do plus more. (eg you can apply rate
> limits to rules to throttle SYNs/ICMP/logging/etc.).
>
> use linux 2.4 man... it rulez!

Well, neither is Linux 2.4 fully released yet, nor does it have the security
track record that OpenBSD has (yet - I hope). Mix that with some curiosity
for BSD on my part and you have my reasons... :-)

Cheerio,

Thomas

-- 
-----------------------------------------------------------------------------
      Thomas Ribbrock    http://www.bigfoot.com/~kaytan    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"

