Firewall Wizards mailing list archives
Re: PIX sux? (know Stateful vs Application)
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 30 Dec 1999 01:34:24 +1100 (EST)
In some email I received from Dom De Vitto, sie wrote: [...]
Interesting point Shaun, mybe this has something to do with the first 'firewalls' being commercial products (any comments Marcus?). I think alot of the problems the opensource crew have had have been related to the fact that the goalposts are moving too fast (Linux for one has different kernal firewalling in v2.0, v2.2 and v2.3 !) I was suprised and downhearted when I found out that stateful inspection wasn't available in (v2.2) ipchains. SI is available in IPFilters, but they only work with the v2.0 kernel. The new firewalling in the v2.3 kernel is a rewrite of the IPchains (with the main author admitting that a lot of lessons have been learnt).
[...] Well, you're using the wrong `open-source' operating system for your firewall, aren't you ? :-) As much as I don't want to boast too much, were you using NetBSD or OpenBSD or FreeBSD (or even Solaris !) you could have already implemented a firewall which does stateful filtering curtesy of IP Filter. None of those three have seen any need to reinvent their firewalling wheel as has Linux in each OS release since it was first added. If you need some help checking each of the alternatives out: http://www.netbsd.org http://www.openbsd.org http://www.freebsd.org http://coombs.anu.edu.au/~avalon/ip-filter.html Remember: there is more to open source than linux so don't confine your thinking to be that way! Darren p.s. that IPFilter is only supported in ye-olde 2.0 kernels (RedHat 4) is largely due to the fact that goalposts move too often and too much for me to justify the necessary effort.
Current thread:
- PIX sux? (was Re: Start watching your logfiles folks!) Ryan Russell (Dec 24)
- <Possible follow-ups>
- Re: PIX sux? (was Re: Start watching your logfiles folks!) Predrag Zivic (Dec 26)
- RE: PIX sux? (know Stateful vs Application) Shaun Moran (Dec 27)
- RE: PIX sux? (know Stateful vs Application) Frederick M Avolio (Dec 28)
- RE: PIX sux? (know Stateful vs Application) David Lang (Dec 28)
- RE: PIX sux? (know Stateful vs Application) Dom De Vitto (Dec 28)
- Re: PIX sux? (know Stateful vs Application) Darren Reed (Dec 30)
- RE: PIX sux? (know Stateful vs Application) Shaun Moran (Dec 27)
- Re: PIX sux? (was Re: Start watching your logfiles folks!) Ryan Russell (Dec 27)