
Re: Linux firewall vs. other products



> > Don't forget that ipchains configures a packet filter in the kernel,
> > not a 'real' firewall.
>
> It's used for dealing with packets, yes, I know. But what other types of
> firewalls are there? Pardon my ignorance, but all I know on the subject
> of 'firewall' is 'packet blocking'. :)

There are, I believe, proxying firewalls, which work
on the connection level, as opposed to the packet
level. And I should know since I have written a couple
of proxies ;)
The typical example of why you would need a proxy is
FTP: the client opens a "control" connection
(typically on port 21) and sends an address and port
to the server on which the server opens a "data"
connection to send the file(s). A "mere" packet filter
cannot handle this which I believe is why the Linux
kernel has an FTP module to handle this. I'm not sure
how well it works though, I recall seeing some posts
in the archives asking for a better FTP proxy...
That is actually the reason I've been lurking on this
list; I've been thinking of putting together a
Debian-based proxying firewall (or preferably a
"Router/Firewall" option in the Debian installation)
and I wanted to get a feel for what's happening in this
space... If anyone is working on something like this I
would very much like to know!

Regards,

/r

=====
Rickard Lind, NTier Solutions AB
Please reply to: rickard.lind@ntier.se
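
An added example, not part of the original message and not the Linux kernel's FTP module: a sketch of the step a connection-level proxy performs and a plain packet filter cannot, reading the PORT command on the control connection to learn which data connection to expect. The function names and the two policy checks (data address must equal the control peer, no privileged ports) are assumptions for illustration; the sample lines are constructed.

```python
import ipaddress
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2" tells the server which
# address and port to connect back to for the data connection.
_PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$", re.IGNORECASE)


def parse_port_command(line):
    """Return (IPv4Address, port) announced by a PORT command, or None."""
    m = _PORT_RE.match(line)
    if not m:
        return None
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None  # each field is one octet
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def data_connection_rule(line, control_peer):
    """Decide what to permit after seeing `line` on the control connection
    from `control_peer`. Returns (allowed, reason, endpoint)."""
    parsed = parse_port_command(line)
    if parsed is None:
        return False, "malformed PORT command", None
    ip, port = parsed
    # Assumed policy: the data endpoint must be the control-connection client.
    if ip != ipaddress.IPv4Address(control_peer):
        return False, "address differs from control peer", None
    # Assumed policy: never open a data connection to a privileged port.
    if port < 1024:
        return False, "privileged port", None
    return True, "ok", (str(ip), port)


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed control-connection peer
    # Constructed control-channel lines, not captured traffic.
    for cmd in ("PORT 192,0,2,10,19,137\r\n",
                "PORT 198,51,100,7,19,137\r\n",
                "PORT 192,0,2,10,0,22\r\n",
                "PORT 192,0,2,300,19,137\r\n"):
        print(repr(cmd), "->", data_connection_rule(cmd, client))
```

Only the endpoint returned for an accepted command would be allowed as the server's outgoing data connection; everything else stays blocked by the default policy.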



