nanog mailing list archives
Re: ACLs vs. full firewalls
From: Karl Auer <kauer () biplane com au>
Date: Wed, 08 Apr 2009 09:20:34 +1000
On Wed, 2009-04-08 at 10:46 +1200, Nathan Ward wrote:
I'd be interested to hear why people use firewalls.
End hosts are not always trustworthy. If a host is compromised, should it be able to send anything and everything out to the public network?
A packet filter looks at the "top surface" of the packet, and processes the packet accordingly - based on things like the protocol, the source address, the destination address, the TCP flags and so on.

A firewall, on the other hand, makes decisions based on knowledge about the data being carried.

I.e., firewall != packet filter; my question related to firewalls.

Regards, K.

--
Karl Auer (kauer () biplane com au)
+61-2-64957160 (h)
http://www.biplane.com.au/~kauer/
+61-428-957160 (mob)
GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
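The distinction drawn in the message above, as an added example that is not part of the original post: a header-only rule and a payload-aware rule are applied to the same constructed packets. The addresses, the "inside hosts may reach TCP port 80" rule and the simple HTTP request-line check are assumptions chosen for illustration; a real firewall would also track connection state and reassemble streams.

```python
import ipaddress
import socket
import struct

INSIDE = ipaddress.ip_network("192.0.2.0/24")   # constructed internal range
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed IPv4+TCP segment: no options, checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(pkt):
    """Split a packet into the header fields a filter sees, plus the payload."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "sport": sport, "dport": dport,
            "flags": tcp[13], "payload": tcp[(tcp[12] >> 4) * 4:]}

def acl_permits(pkt):
    """Packet filter: decides on protocol, source address and destination port only."""
    f = parse(pkt)
    return (f["proto"] == 6 and ipaddress.ip_address(f["src"]) in INSIDE
            and f["dport"] == 80)

def payload_aware_permits(pkt):
    """Same header rule, plus a check that carried data looks like an HTTP request."""
    if not acl_permits(pkt):
        return False
    data = parse(pkt)["payload"]
    if not data:                       # handshake and bare ACK segments carry no data
        return True
    first_line = data.split(b"\r\n", 1)[0]
    return data.startswith(HTTP_METHODS) and b" HTTP/1." in first_line

PSH_ACK = 0x18
web = build_packet("192.0.2.10", "198.51.100.5", 40000, 80, PSH_ACK,
                   b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
other = build_packet("192.0.2.10", "198.51.100.5", 40001, 80, PSH_ACK,
                     b"\x00\x01not-http-data")    # non-HTTP bytes sent to port 80
mail = build_packet("192.0.2.10", "198.51.100.5", 40002, 25, PSH_ACK, b"EHLO x\r\n")

for name, pkt in (("web", web), ("other", other), ("mail", mail)):
    print(name, "acl:", acl_permits(pkt), "payload-aware:", payload_aware_permits(pkt))
```

The second packet is the case the thread is arguing about: its headers match the permit rule exactly, so only the check that looks at the carried data treats it differently from ordinary web traffic.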