Re: [fw-wiz] proxy firewalls -vs- packet filters



On Thu, Apr 28, 2011 at 07:36:31PM -0400, Marcus J. Ranum wrote:
Bennett Todd wrote:
Probably a naive question, but is there any possibility ipv6 might
tear open a gap in the range of available firewall products that
user-space application layer proxy firewalls could fill faster than
the heuristics for packet filtering can run over enough toes to
discover the necessary subtlties?

Probably a snarky answer, but I thought that when the switchover
to iPv6 happens, nobody'll need firewalls anymore.

Presumably the reason why so many of the firewall venders are thinking
ahead, and not bothering to support IPv6. Who could possibly need that?

G.
--
-------------------------------------------------------------------------
Graham Allan
School of Physics and Astronomy - University of Minnesota
-------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: ipnat.conf - map and rdr wont work!
    ... You've got two competing firewall solutions loaded at the same time. ... so you say you use ipnat for redirect and map and ipfw for packet filtering. ... ipfilter wraps around the kernel and takes over all packet handling. ... All that traffic shaping you've done have no effect at all. ...
    (freebsd-questions)
  • Re: suggestions on router w/firewall
    ... of using NAT, even with SPI, as a firewall method. ... describe standard NAT as a firewall service. ... That sentence refers to four concepts: NAT, router, simple packet filtering, ... created port table to packet header info, and NAT does change the packet. ...
    (comp.security.firewalls)
  • RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
    ... Once you turn on the packet filtering, you either allow all, or deny all ... XP's "firewall" has several pre-defined higher layer protocols that ... #Full-Disclosure - We believe in it. ... in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system. ...
    (Full-Disclosure)
  • Re: Firewall for VMS / TRU64
    ... >> you could run a VMS box as a firewall very effectively ... ... The packet filtering is just that packet filtering. ... The packet filtering capabilities of TCPWARE would probably not affect the work ...
    (comp.os.vms)
  • re: firewall high-load performance
    ... against ipfw, but I suspect that any difference in performance is pretty ... If you're just doing packet filtering and using a fairly run of ... was related to use of dummynet for bandwidth management. ... Just one more reason pf is my favorite firewall. ...
    (freebsd-questions)