On 2002/10/28 10:30, Shachar Shemesh wrote:
> no true "state" is kept (for example - no proper tracking of
> connection's state, no ability to limit packets based on
> packets seen so far on the same connection)
Regarding this specific feature, which you listed as missing from
netfilter: the curr
on application needs and performance issues.
OK, my comments are below:
> -Original Message-
> From: Oded Arbel [mailto:oded@;typo.co.il]
> Sent: Friday, November 01, 2002 11:18 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: big question: FW-1 VS. Linux
On Monday, 28 October 2002, 08:00, Tzahi Fadida wrote about 'RE: big question: FW-1
VS. Linux security tools':
> Netfilter is not yet there because of the GUI and tools FW-1 has and
> Linux doesn't.
Hetz specifically asked not to fac
The answer is "it depends".
NetFilter is up to the basic stateful firewall capabilities. The main
problem with NetFilter is that it is over-configurable. It will assume
nothing, thus leaving the entire configuration to you. Everyone in this
list who knows the TCP state table well enough to rei
> From: [EMAIL PROTECTED]
> [mailto:linux-il-bounce@;cs.huji.ac.il]On Behalf Of Oded Arbel
> Sent: Monday, October 28, 2002 7:20 AM
> To: Hetz Ben-Hamo; [EMAIL PROTECTED]
> Subject: Re: big question: FW-1 VS. Linux security tools
>
>
On Monday, 28 October 2002, 00:16, Hetz Ben-Hamo wrote about 'big question: FW-1
VS. Linux security tools':
> As it stands today - can Linux be considered to be an FW-1 replacement? How
> much Linux tools (iptables, etc.) can do and what can't they do compared