Re: [fw-wiz] IPTables QUEUE target equivalency in other firewalls

From: H. Morrow Long (morrow.long@yale.edu)
Date: 02/26/03

  • Next message: Barney Wolff: "Re: [fw-wiz] IPTables QUEUE target equivalency in other firewalls" 
    From: "H. Morrow Long" <morrow.long@yale.edu>
To: Rod Marten <rod.marten@domail.maricopa.edu>
Date: Wed, 26 Feb 2003 15:21:30 -0500

    Not PIX. The only semi similar functionality that the
    PIX supports outside of the rules in the PIX firewall itself
    is the use of outside web cache filtering by URLs
    so that companies can subscribe to the URL blacklisting
    types of services to block employee browsing of such sites.

    H. Morrow Long

    Rod Marten wrote:
    > Netfilter/IPTables supports a target of QUEUE which delivers packets to
    > a userspace interface where they can be modified,inspected etc. For
    > example, the QUEUE target is used by Snort-inline to inspect and
    > allow/drop packets in realtime.
    >
    > Do any other firewalls have a similar function? I am particularly
    > interested in ipFilter, ipfw, packetfilter, or PIX (I know PIX is highly
    > unlikely since it is more of a dedicated appliance).
    >
    > Thanks for the information.
    >
    > Rod Marten
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    Relevant Pages

    • Re: [fw-wiz] Appropriate PIX logging level
      ... I was actually just starting to look into this, I'm being blasted by the messages from the pix when it rejects a broadcast packet (I'm getting 43,000 log entries per day based on the firewalls rejecting each server that's in a HA configuration and useing broadcast udp packets for their heartbeat, that adds up to a LOT of log entries when there are several dozen such clusters) ... logging level on a PIX have to be set to? ... firewall-wizards mailing list ...
      (Firewall-Wizards)
    • Re: [fw-wiz] Scheduling PIX commands
      ... We've just made some changes to our PIX config, ... ESPC Ltd is a company registered under the Companies ... Services Authority. ... firewall-wizards mailing list ...
      (Firewall-Wizards)
    • RE: [fw-wiz] Odd PIX / router behavior
      ... When you saw the original spoofed traffic, what kind of packets were ... My first thought was a misconfigured internal host too, ... 10.0.0.1 is the inside interface of the PIX. ...
      (Firewall-Wizards)
    • Re: PIX 506E as a router
      ... to use it as a simple router? ... as you *need* the responses coming from the WAN unless ... incoming packets that are responses to outgoing packets (a ... PIX 506E do -fairly- well in such configurations, ...
      (comp.dcom.sys.cisco)
    • Re: Pix as router?
      ... I don't need GRE or any dynamic routing. ... does not really understand the Pix but does understand ... No NAT no nothing - just a basic IP router. ... and build new outgoing packets. ...
      (comp.dcom.sys.cisco)