The plug-gw by itself does not (in my opinion) add much
more value than a packet filtering rule ... except by
the fact that it *COULD* be extended to pay attention
to the app-protocol.
But, in the conversation thread here ... for me ...
I've been referring to the actual packet filtering
code (kernel mods) that protect the application proxies
and can be convinced to pass packets through like a
packet filter (ipfw? or what is it called?)
-- joe
Ryan Russell/SYBASE wrote:
>
> I think he may have been talking about the plug-gw,
> which (from the descriptions I've heard) is a packet
> filter (i.e. allow based on port numbers.)
>
> Ryan
>
> rick @
paimail .
com (Rick Murphy) on 10/19/97 05:01:28 PM
> To: craig .
wright @
asx .
com .
au ("Craig S. Wright") @ smtp
> cc: firewalls @
GreatCircle .
COM ("'firewalls @
GreatCircle .
COM'") @ smtp (bcc: Ryan
> Russell/SYBASE)
> Subject: RE: sex, lies, and firewall code
>
> At 12:44 PM 10/19/97 +1000, Craig S. Wright wrote:
> > The issues should not be based on proxy vs filter gateways, rather the
> > two need to be deployed together (note that TIS uses a packet filter too,
> so >both FW-1 and TIS are hybrids).
> Gauntlet uses a packet *screen* for enforcing anti-spoofing rules and for
> support of transparency. This is not a packet filter. (I'm not arguing
> semantics here - a packet FILTER allows packets to forward across the
> firewall. The Gauntlet packet SCREEN only denies packets or permits them
> to go to proxies.)
> -Rick
References:
|
|
