On 03/25/08 14:56, Benny Amorsen wrote:
Anyway, with the Level-7 match or Deep Packet Inspection or whichever
buzz words you prefer, packet filters are closer in capabilities than
ever before. At the same time application level proxies are faster
than ever before. It's hard to pick a winner.
Very good point.
I suppose one thing to think about is who is going to maintain what.
Developers would probably be able to maintain (add / change / delete
rules) an ALG better where as network administration staff would
probably be able to maintain a hardware firewall better. Of course, why
not use some of each. Use the hardware firewall for the lower end
simpler aspects of it while using the ALG for the higher end more
specific aspects. Let the hardware ASICs do what they do best while
letting the ALG do what it does best.
Grant. . . .
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
