Am Sam, 2003-02-22 um 04.27 schrieb Dig Harry: > > connection track(Iptables) and stateful > inspection(Check Point Firewall) is same??? No it is not the same. Connection tracking just tracks the connection and can decide whether a packet belongs to a connection or not, but does no intelligent filtering. This is the same between FW1 and iptables. Stateful inspection is implemented in netfilter too, using specific modules, like ip_conntrack_ftp, ip_conntrack_h323 etc. It is not as advanced as in FW-1, meaning FW-1 supports more protocols and actually content inspection. Cheers, Ralf > I think: > connection track is only "track", can not filter. > stateful inspection can filter according to the packet > information. > Is that correct? > what is the difference between connection track and > stateful inspection??? > > _________________________________________________________ > Do You Yahoo!? > "用雅虎搜索,找到关于奥斯卡的一切" > http://cn.search.yahoo.com/search/cn?p=%b0%c2%cb%b9%bf%a8 -- Ralf Spenneberg RHCE, RHCX IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de Honeynet Project Mirror: http://honeynet.spenneberg.org Snort Mirror: http://snort.spenneberg.org
