Dear experts, How would one classify netfilter? Its seems there are at least 3 categories of firewall: 1) packet filter (stateless filtering) 2) stateful filter 3) appliaction-level filter (aka. proxy filter) most literature, seems to refer to netfilter as a packet filter. >From the main netfilter website and the man pages it appears it can be classified as a stateful packet filter. However, I also see it can do deep packet inspection at the application layer with the L7-Filter module and from what I can tell, with the normal String match module. So, can netfilter be classifed as a proxy firewall as a default classification. I can clearly see (well at least for the first 2 classifications) that netfilter can play various roles depending on your requirements. That is it can be either of 1,2 or 3 defined above. Any opinions or comments on helping me pigion hole Netfilter/iptables. Perhaps stateful filter implies packet filter also. regards, Tom. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html