Re: What category of Firewall does Netfilter fall under?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2009/8/26 tom murphy <tommurphy105@xxxxxxxxx>:
> Dear experts,
>
> How would one classify netfilter?
>
> Its seems there are at least 3 categories of firewall:
> 1) packet filter (stateless filtering)
> 2) stateful filter
> 3) appliaction-level filter (aka. proxy filter)

And as outlined by yourself and below by me... ipt is atleast 2 of the 3.

[snip]
> Any opinions or comments on helping me pigion hole Netfilter/iptables.
> Perhaps stateful filter implies packet filter also.

Just my personal opinion but for a firewall to be a stateful firewall
it must by definition carry out packet filtering.

iptables in its base form is a packet filtering firewall. Add the
conntrack support and it becomes a stateful firewall. Add the advanced
matching abilitiy and the L7 capability and it becomes an application
firewall.

I'd be inclined though to classify ipt as a stateful firewall though
for most uses as the application firewall ability is provided by
additional components and may, depending on definition, not fully
qualify as an application firewall.





-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux