Re: [fw-wiz] IPTables QUEUE target equivalency in other firewalls

From: H. Morrow Long (morrow.long@yale.edu)
Date: 02/26/03

    From: "H. Morrow Long" <morrow.long@yale.edu>
    To: Rod Marten <rod.marten@domail.maricopa.edu>
    Date: Wed, 26 Feb 2003 15:21:30 -0500
    

    Not PIX. The only semi-similar functionality that the
    PIX supports outside of the rules in the PIX firewall itself
    is the use of outside web cache filtering by URLs
    so that companies can subscribe to the URL blacklisting
    types of services to block employee browsing of such sites.

    H. Morrow Long

    Rod Marten wrote:
    > Netfilter/IPTables supports a target of QUEUE which delivers packets to
    > a userspace interface where they can be modified, inspected, etc. For
    > example, the QUEUE target is used by Snort-inline to inspect and
    > allow/drop packets in realtime.
    >
    > Do any other firewalls have a similar function? I am particularly
    > interested in ipFilter, ipfw, packetfilter, or PIX (I know PIX is highly
    > unlikely since it is more of a dedicated appliance).
    >
    > Thanks for the information.
    >
    > Rod Marten
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
