Re: FW-1 and inspect language

[SeanC <xlate () texas net>]

Hello...

Marcelo Barbosa Lima wrote:

>         The FW-1 has a inspect language. Does this language permit to filter
> application's data and maintain states (creating dynamic data structures)
> using this data extracted?

Yes, absolutely...

Inspect gives you the ability to extract information from anywhere in the
packet.  You can then store necessary connection info in state tables which can
also be added and their properties user defined.

In this way you can provide support for custom applications following
connections through multiple state changes as they're passing through the
firewall.

> Is IPfilter a SPF? It doesn't filter in
> application level, but mantain states of connections TCP and sessions UDP.

Sorry, I'm not familiar with it off hand...

hope this helps.....

-src

--
Sean Costello
Xlate () Texas Net

Aka:

}Oo.  Xlate () Iname com   .oO{
}Oo.  Xlate () Home com   .oO{

And...coming soon...

                        www.SeanC.com

              "When imposing your existence on reality...
remember that reality could always decide to exist without you." -src