Re: Netfilter
From: Ian Jones (roux@attbi.com) Date: 06/22/02
From: Ian Jones <roux@attbi.com> Date: Sat, 22 Jun 2002 03:21:57 GMT
"Krish Ahya" <Krish@houston.rr.com> writes:
> I'm wondering about Netfilter (aka iptables), the standard stateful firewall
> that comes w/ Linux. Say if I have a DMZ and allow people to come into a
> server on port 80, will netfilter inspect the packet on all 7 layers of the
> OSI model and make sure that it is actually an HTTP packet and following the
> rules and protocol specifications of HTTP? Sorta like Check Point's INSPECT
> module. If not, is there any way I can "tweak" it to do that?

Welcome to the group and congrats on putting together such a
STUPID-ASSED question. I am not familiar with *any* single collection
of code which will involve itself with all seven layers of the
_theoretical_ OS-freakin-I model.

Come on, Krish - this is now a FAQ (and I guess it needs to be a part
of our FAQ now). Kernel packet filtering doesn't give a whit about the
application. You do not want your kernel bogged down doing application
level filtering.