Great Circle Associates Firewalls
(March 1995)
 


Subject: Re: FW-1, etc.
From: Frank Wortner <frank @ prodigy . com>
Date: Fri, 3 Mar 1995 10:05:43 -0500 (EST)
To: Firewalls <firewalls @ greatcircle . com>
In-reply-to: <9503030645 . AA07415 @ brittany . oes . amdahl . com>

The only sensible argument *I* can come up with in the "packet filters vs. 
application gateways" debate is that given the "available" software, it is
easier for someone who wants to "roll her own" to build and configure an
application gateway than a packet filter. 

The general design is at a higher level:  shut everything off, and then 
decide what *services* to allow as opposed to shut everything off then 
decide what ranges of ports to allow.  It's just plain easier to do the 
former correctly than the latter --- given available "freeware."

Additional ways to flog this dead horse are left as an exercise for 
the reader.  :-)

					 Frank

--
"Outside of a dog, a book is a man's best friend;
 inside of a dog, it's too dark to read."  -- Groucho Marx


