Re: [fw-wiz] Firewall Primitives

From: George Capehart (capegeo@opengroup.org)
Date: 11/05/02


From: George Capehart <capegeo@opengroup.org>
To: Crispin Cowan <crispin@wirex.com>
Date: Tue Nov  5 21:05:17 2002

Crispin Cowan wrote:
>
> George Capehart wrote:
>
> >This is interesting. So, a firewall really should/could/might be a
> >multi-layer, multi-protocol switch . . .
> >
> But of course. That's all firewalls ever were, but marketing hates it
> when people discover that :)

Doh! OK, I'll buy that. I'd really (in my own way) seen firewalls as being
more like band-pass filters. But that's probably another discussion. When
I wrote "switch" I was really thinking "router."

:/g/switch/s//router/g

It really did seem that he was suggesting that the firewall actually
actively route, as opposed to "look at the packet and drop it if it doesn't
like it . . ." ;-] So, I really meant to use the term router. That is a
step beyond the "throw it in the bit bucket if I don't like it" function
that is a better fit for what mjr seemed to be describing. Of course, I
don't want to put words in his mouth . . . ;-)

/gc

--
George W. Capehart
"We did a risk management review.  We concluded that there was no risk
 of any management."  -- Dilbert