Firewall Wizards mailing list archives

RE: latest firewall tools for linux


From: "Oxenreider, Jeff" <jox () safelite com>
Date: Thu, 18 May 2000 07:46:22 -0400

Correct me if I'm wrong, but I believe the newer Linux kernels have support
for "Stateful Inspection".  Isn't that the same thing that you're talking
about here?



Jeffrey A. Oxenreider
Network Security Analyst
Safelite Glass Corp



-----Original Message-----
From: Roelof JT Jonkman [mailto:rjonkman () ittc ukans edu]
Sent: Tuesday, May 16, 2000 4:36 PM
To: Mark Drummond
Cc: firewall-wizards () nfr net
Subject: Re: [fw-wiz] latest firewall tools for linux 


Hello,

Just for clarification I guess, but OpenBSD uses Darren Reed's Ipfilter
package, which maintains TCP state, and therefore allows you to deny certain
things depending on the state of the TCP connection. Whereas stock Linux with
ipchains is a packet filter, and it doesn't quite allow you to deny exactly
everything.
So in some ways the statement 'openbsd ... happier' may fly in this case,
although it should probably be 'ipfilter .. happier' ;-)

roel
PS. I recently switched from a bridging/hacked linux firewall to an almost
    stock openbsd box with the same functionality + some.
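
The distinction discussed in this thread, as an added illustration that is not part of either message and is not code from ipfilter or ipchains: a per-packet rule that judges inbound TCP by its flags alone, next to a filter that keeps a connection table. The packet model, addresses, ports and rule logic are constructed assumptions.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (from the protected host) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_filter(pkt):
    """Per-packet rule: allow all outbound traffic, and allow inbound TCP
    unless it is a bare SYN (a new connection attempt)."""
    if pkt.direction == "out":
        return True
    return not ("S" in pkt.flags and "A" not in pkt.flags)

class StatefulFilter:
    """Tracks connections opened from the inside; inbound must match one."""
    def __init__(self):
        self.table = set()

    def check(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.table.add(key)        # new outbound connection
            elif "R" in pkt.flags:
                self.table.discard(key)    # connection torn down
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reverse of outbound
        if key not in self.table:
            return False                   # belongs to no known connection
        if "R" in pkt.flags:
            self.table.discard(key)
        return True

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.check(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("out", "10.0.0.5", 40000, "192.0.2.10", 80, "S"),
    Packet("in", "192.0.2.10", 80, "10.0.0.5", 40000, "SA"),  # reply to the SYN
    Packet("in", "198.51.100.7", 80, "10.0.0.5", 22, "A"),    # matches no connection
    Packet("in", "198.51.100.7", 4444, "10.0.0.5", 22, "S"),  # new inbound SYN
]

if __name__ == "__main__":
    for p, (a, b) in zip(SAMPLE, compare(SAMPLE)):
        print(p.direction, p.flags, "stateless:", a, "stateful:", b)
```

The third packet is the case the two filters disagree on: the flag-based rule passes it because the ACK bit is set, while the connection table rejects it because no outbound connection matches.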
