On Sat, Mar 22, 2008 at 10:50 AM, Ed Flecko <[EMAIL PROTECTED]> wrote:

> I have not yet fully researched the PF functionality of OpenBSD, so
> I'm therefore guessing that the PF feature adds "stateful packet
> inspection" to an OpenBSD box.
>
> With that assumption, I guess I'm thinking PF and Squid (which works
> at the application layer of the OSI stack) would make a pretty
> formidable firewall.
>
> I wonder if PF would analyze the incoming data stream first and then
> Squid, or would that be Squid first and then PF?


On these types of questions, it'll be good to try to answer them yourself
first.  Where does PF work?  Is PF part of the kernel, or a separate
application?  If it's part of the kernel, would it hand off to an
application, and come back, or would it do everything first, then hand off
to an application?



-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity." --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related
