2009/8/26 tom murphy <tommurphy105@xxxxxxxxx>:
> Dear experts,
>
> How would one classify netfilter?
>
> It seems there are at least 3 categories of firewall:
> 1) packet filter (stateless filtering)
> 2) stateful filter
> 3) application-level filter (aka. proxy filter)

And as outlined by yourself and below by me... ipt is at least 2 of the 3.

[snip]

> Any opinions or comments on helping me pigeonhole Netfilter/iptables.
> Perhaps stateful filter implies packet filter also.

Just my personal opinion, but for a firewall to be a stateful firewall it must by definition carry out packet filtering.

iptables in its base form is a packet filtering firewall.
Add the conntrack support and it becomes a stateful firewall.
Add the advanced matching ability and the L7 capability and it becomes an application firewall.

I'd be inclined to classify ipt as a stateful firewall though for most uses, as the application firewall ability is provided by additional components and may, depending on definition, not fully qualify as an application firewall.

-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
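The three categories from this thread, as an added example that is not part of the original messages and is not netfilter code: a small Python model in which each filter class builds on the one before it, so the stateful filter still performs packet filtering. The class names, the port-80 rule and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags, e.g. frozenset({"SYN"})
    payload: bytes = b""

def stateless_allow(pkt):
    """Packet filter: decides from this packet's headers alone.
    Approximates 'reply traffic' as: source port 80 with ACK set."""
    return pkt.sport == 80 and "ACK" in pkt.flags

class StatefulFilter:
    """Same header check plus a connection table, a much-simplified
    stand-in for what conntrack adds to iptables."""
    def __init__(self):
        self.conns = set()

    def outbound(self, pkt):
        # Remember connections the protected host opened itself.
        if pkt.flags == frozenset({"SYN"}):
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def allow_inbound(self, pkt):
        # Packet filtering first, then the state lookup.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return stateless_allow(pkt) and reply_of in self.conns

class AppFilter(StatefulFilter):
    """Application-level check on top: payload must look like an HTTP response."""
    def allow_inbound(self, pkt):
        if not super().allow_inbound(pkt):
            return False
        return not pkt.payload or pkt.payload.startswith(b"HTTP/1.")

def demo():
    host, web, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"  # constructed
    ack = frozenset({"ACK"})
    syn = Packet(host, 40000, web, 80, frozenset({"SYN"}))
    samples = {
        "reply": Packet(web, 80, host, 40000, ack, b"HTTP/1.1 200 OK\r\n"),
        "unsolicited": Packet(other, 80, host, 40001, ack),
        "not_http": Packet(web, 80, host, 40000, ack, b"\x00\x01binary"),
    }
    sf, af = StatefulFilter(), AppFilter()
    sf.outbound(syn)
    af.outbound(syn)
    # Verdicts per packet: (stateless, stateful, application-level)
    return {name: (stateless_allow(p), sf.allow_inbound(p), af.allow_inbound(p))
            for name, p in samples.items()}
```

The stateless rule accepts all three packets; the connection table rejects the one that answers no recorded connection, and only the payload check rejects non-HTTP data on an otherwise valid connection.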