Re: Firewall rules order and performance

["Marcus J. Ranum" <mjr () ranum com>]

Eric Gearhart wrote:
> makes it sound like the term started with "packet filter," then
> evolved to stateful packet inspection, then the third generation of
> the term evolved into your definition...

Wikipedia has it wrong. First was some packet filtering. Then,
it appears Dave Presotto at Bell Labs started at layer-7 with
circuit relays. Cisco added "established" to IOS - is that
"stateful" or not? Man in the middle layer-7 proxies came next,
then Geoff Mulligan at Sun and Bob Braden at ISI started on
"Sunscreen" and "Visas", respectively. "Stateful packet
inspection" a la Checkpoint didn't enter the scene until
relatively late. Sunscreen was already selling poorly but
in the market, and the proxy firewall vendors - DEC/Altavista,
Raptor, TIS, ANS, Milky Way, and Harris - were selling the hell
out of layer-7 solutions.

mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards