ACLs vs. full firewalls

• Previous message (by thread): ACLs vs. full firewalls
• Next message (by thread): ACLs vs. full firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2009-04-08 at 10:46 +1200, Nathan Ward wrote:
> > I'd be interested to hear why people use firewalls.

> End hosts are not always trustworthy.
> 
> If a host is compromised, should it be able to send anything and  
> everything out to the public network?

A packet filter looks at the "top surface" of the packet, and processes
the packet accordingly - based on things like the protocol, the source
address, the destination address, the TCP flags and so on.

A firewall, on the other hand, makes decisions based on knowledge about
the data being carried.

I.e., firewall != packet filter; my question related to firewalls.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090408/2574ed94/attachment.sig>

• Previous message (by thread): ACLs vs. full firewalls
• Next message (by thread): ACLs vs. full firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]