> "stateful inspection" is just another name of "connection tracking" - i.e. > keeping the state of active connections and filtering based on that. actually it is not, since stateful inspection is used by checkpoint to refer to their solution which is a stateful connection tracker COMBINED with a script engine which can look inside the package content. it is more like application level proxies which can understand the protocol they filter. (if you actually look at the data you filter with those scripts, which fw1 is not very often doing). Greetings Bernd - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
