Re: [fw-wiz] Firewall Primitives

From: George Capehart (capegeo@opengroup.org)
Date: 11/05/02


From: George Capehart <capegeo@opengroup.org>
To: Crispin Cowan <crispin@wirex.com>
Date: Tue Nov  5 21:05:17 2002

Crispin Cowan wrote:
>
> George Capehart wrote:
>
> >This is interesting. So, a firewall really should/could/might be a
> >multi-layer, multi-protocol switch . . .
> >
> But of course. That's all firewalls ever were, but marketing hates it
> when people discover that :)

Doh! OK, I'll buy that. I'd really (in my own way) seen firewalls as being
more like band-pass filters. But that's probably another discussion. When
I wrote "switch" I was really thinking "router."

:/g/switch/s//router/g

It really did seem that he was suggesting that the firewall actually
actively route, as opposed to "look at the packet and drop it if it doesn't
like it . . ." ;-] So, I really meant to use the term router. That is a
step beyond the "throw it in the bit bucket if I don't like it" function
that is is a better fit for what mjr seemed to be describing. Of course, I
don't want to put words in his mouth . . . ;-)

/gc

--
George W. Capehart
"We did a risk management review.  We concluded that there was no risk
 of any management."  -- Dilbert


Relevant Pages

  • Re: Port 67 UDP Problem
    ... >> nodes that are listening know that its node is now online. ... >> cables are connected, etc. I've seen similar things working on ... computers that I've got firewalls on not want to work properly when they ... The part you missed is "discover its own IP address", ...
    (comp.security.firewalls)
  • Re: [fw-wiz] Firewall Primitives
    ... >>George Capehart wrote: ... That's all firewalls ever were, ... >>when people discover that:) ... Security Hardened Linux Distribution: ...
    (Firewall-Wizards)