Duplicating exactly the FW-1 functionality in an open source project is not
practical, due to a patent on stateful inspection. This gives the FW-1 product
the ability to open specific ports that would normally be blocked, because, for
example, an FTP protocol request required that port. If you wanted to support the
same protocol with a static packet filtering firewall (such as IPChains), either
this, or probably a lot more, ports would have to be permanently open. To the
best of my understanding, hoping to get a license to implement a patent in an
open source project is almost always impossible (with the RSA example as an
exception, and a rather weak one at that).

It may be possible to bypass the patent by employing some sort of traffic sniffer
that changes the rules on the fly. This greatly depends on the exact wording of
the Check Point patent.

Shachar

Ben-Nes Michael wrote:
> Hi All
>
> Can open source, free programs in one way or another get to the level of
> options that FW-1 has?
>
> Shachar Shemesh wrote:
>
> >
> > Regarding the commercial products available - I know FW-1, and it has very
> > high capabilities (it has finer enforcement capabilities than simply using
> > IPChains).
>
> --------------------------
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --------------------------
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
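
An added example, not part of the original message and not code from FW-1 or any firewall project, of the idea discussed above: read the FTP control channel and derive the one temporary data-port rule a session needs, instead of leaving a port range permanently open. The names `Pinhole` and `pinhole_for`, the sample addresses, and the two checks (advertised address must belong to the control connection, port must be unprivileged) are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional, Tuple

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

class Pinhole(NamedTuple):
    src_ip: str    # host allowed to open the data connection
    dst_ip: str    # host listening for it
    dst_port: int  # the single port to allow, for this session only

def _parse(arg: str) -> Optional[Tuple[str, int]]:
    m = _HOSTPORT.search(arg)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pinhole_for(line: str, client_ip: str, server_ip: str) -> Optional[Pinhole]:
    """Return the temporary rule implied by one control-channel line, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):   # active mode: the client listens
        listener, opener, arg = client_ip, server_ip, line[5:]
    elif line.startswith("227 "):          # passive mode: the server listens
        listener, opener, arg = server_ip, client_ip, line[4:]
    else:
        return None                        # not a data-channel negotiation
    parsed = _parse(arg)
    if parsed is None:
        return None
    ip, port = parsed
    # Assumed policy: only open a hole toward the host that owns the control
    # connection, and never on a privileged port.
    if ip != listener or port < 1024:
        return None
    return Pinhole(opener, ip, port)

if __name__ == "__main__":
    # Constructed control-channel lines (documentation addresses).
    client, server = "198.51.100.7", "192.0.2.10"
    for l in ("USER anonymous", "PORT 198,51,100,7,195,80",
              "227 Entering Passive Mode (192,0,2,10,19,137)",
              "PORT 203,0,113,5,195,80"):
        print(f"{l!r:50} -> {pinhole_for(l, client, server)}")
```

A static filter has no equivalent of the returned rule; it can only allow or deny the whole range of ports that such negotiations might pick.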