Great Circle Associates Firewalls
(March 1995)
 


Subject: Re: Wellfleet Routers
From: "John P. Rouillard" <rouilj @ cs . umb . edu>
Date: Wed, 22 Mar 1995 23:03:41 -0500
To: Reto Lichtensteiger <rali @ hri . com>
Cc: avalon @ coombs . anu . edu . au (Darren Reed), firewalls @ greatcircle . com
In-reply-to: Your message of "Wed, 22 Mar 1995 19:59:08 EST." <199503230059 . TAA08869 @ sextant . hri . com>

In message <199503230059 . TAA08869 @ sextant . hri . com>,
Reto Lichtensteiger writes:
>Using the Wellfleet 5.X kernel (which I'm most familiar with) you 
>use an "editor" on the router to create the filters.  It's kind of kludgy
>and doesn't lend very well to listing out "rules" as one can do with the
>Ciscos.  Perhaps this is why there aren't as many (any?) people pitching
>in examples of Wellfleet filters ...
>
>The +thought process+ is the same tho', and the Wellfleets can filter just
>as well as the Cisco.

Agreed, but the interface is lousy and as far as I am concerned too
prone to creating mistakes. Then again, I have to deal with the 7.x or
later kernel; you get to have a blast with that piece of crap called a
site-manager. No site manager, sorry can't configure your routers.
Unless you discover by some miracle that you have to set promiscuous
mode in the router, you will keep wondering how to set up filters,
even though you can access the filter setup menu in the site-manager
8-(.

Trying to compare rules is a nightmare since there are no tools to do
it, and you really have no way to dump the state of the router. Your
routers "state" is contained in a maze of twisty little menus and
screens that all start looking alike after 3 hours.

Just try scripting an interaction with the site-manager software like
you can do with the Ciscos, or netblazers, or many other routers I
have worked with. It's bloody impossible.

That's not to say that Ciscos are easy, but it's a reasonable command
line interface, and expect does wonders. Then again, I was once hired
to work on an application that would rewrite Cisco's access lists on
the fly in response to a realtime traffic monitoring/analysis package,
so I have a definite bias.

				-- John
John Rouillard

Senior Systems Administrator		  IDD Information Services
rouilj @ dstar . iddis . com			  Waltham, MA (617) 890-7227 x337
						      (617) 487-3937 (Direct)
Senior Systems Consultant (SERL Project)  University of Massachusetts at Boston
rouilj @ cs . umb . edu (preferred)	          Boston, MA, (617) 287-6480
===============================================================================
My employers don't acknowledge my existence much less my opinions.


