> > Don't forget that ipchains configures a packet > filter in the kernel, > > not a 'real' firewall. > > It's used for dealing with packets, yes, I know. But > what other types of > firewalls are there? Pardon my ignorance, but all I > know on the subject > of 'firewall' is 'packet blocking'. :)
There are, I believe, proxying firewalls, which work on the connection level, as opposed to the packet level. And I should know since I have written a couple of proxies ;) The typical example of why you would need a proxy is FTP: the client opens a "control" connection (typically on port 21) and sends an address and port to the server on which the server opens a "data" connection to send the file(s). A "mere" packet filter cannot handle this which I believe is why the Linux kernel has a FTP module to handle this. I'm not sure how well it works though, I recall seeing some posts in the archives asking for a better FTP proxy... That is actually the reason I've been lurking on this list; I've been thinking of putting together a Debian-based proxying firewall (or preferably a "Router/Firewall" option in the Debian installation) and I wanted to get a feel for what happening in this space... If anyone is working on something like this I would very much like to know! Regards, /r ===== Rickard Lind, NTier Solutions AB Please reply to: [EMAIL PROTECTED] _____________________________________________________ Do You Yahoo!? [EMAIL PROTECTED] - skaffa en gratis mailadress p� http://mail.yahoo.se
