ACLs vs. full firewalls
Karl Auer
kauer at biplane.com.au
Tue Apr 7 23:20:34 UTC 2009
On Wed, 2009-04-08 at 10:46 +1200, Nathan Ward wrote:
> > I'd be interested to hear why people use firewalls.
> End hosts are not always trustworthy.
>
> If a host is compromised, should it be able to send anything and
> everything out to the public network?

A packet filter looks at the "top surface" of the packet, and processes
the packet accordingly - based on things like the protocol, the source
address, the destination address, the TCP flags and so on.

A firewall, on the other hand, makes decisions based on knowledge about
the data being carried.

I.e., firewall != packet filter; my question related to firewalls.

Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
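
Added example, not part of the original message: the distinction drawn above, shown on raw IPv4/TCP bytes, where a header-only rule and a rule that also looks at the carried data reach different verdicts for the same flow. The prefix, the rule set, the function names and the sample packets are all constructed for illustration, and the "knowledge about the data" is reduced to recognising an HTTP request line.

```python
import ipaddress
import re
import struct

INSIDE = ipaddress.ip_network("192.0.2.0/24")   # assumed inside prefix (documentation range)
HTTP_REQ = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

def build(src, dst, sport, dport, flags, payload=b""):
    """Build a constructed IPv4+TCP packet (no options, checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload

def parse(pkt):
    """Split raw bytes into the header fields a filter sees, plus the payload."""
    ihl = (pkt[0] & 0x0F) * 4                     # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4           # TCP header length in bytes
    return {"proto": pkt[9], "src": ipaddress.IPv4Address(pkt[12:16]),
            "dst": ipaddress.IPv4Address(pkt[16:20]), "sport": sport, "dport": dport,
            "flags": pkt[ihl + 13], "payload": pkt[ihl + data_off:]}

def packet_filter(pkt):
    """Header-only decision: permit TCP from the inside prefix to port 80."""
    p = parse(pkt)
    return p["proto"] == 6 and p["src"] in INSIDE and p["dport"] == 80

def data_aware_firewall(pkt):
    """Same header rule, plus a check on the data: any payload must be an HTTP request."""
    if not packet_filter(pkt):
        return False
    payload = parse(pkt)["payload"]
    return payload == b"" or HTTP_REQ.match(payload) is not None

# Constructed sample packets (TCP flags 0x18 = PSH|ACK)
HTTP_PKT = build("192.0.2.10", "198.51.100.5", 40000, 80, 0x18,
                 b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n")
NON_HTTP_PKT = build("192.0.2.10", "198.51.100.5", 40001, 80, 0x18, b"\x00\x01\x02 not HTTP")
SMTP_PKT = build("192.0.2.10", "198.51.100.5", 40002, 25, 0x18, b"EHLO host.example\r\n")

if __name__ == "__main__":
    for name, pkt in [("http", HTTP_PKT), ("non-http on 80", NON_HTTP_PKT), ("smtp", SMTP_PKT)]:
        print(f"{name:15} filter={packet_filter(pkt)} firewall={data_aware_firewall(pkt)}")
```

The second sample is the case that separates the two: its headers satisfy the port-80 rule, so only the check on the payload rejects it.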