Dave Harris wrote
> source code? no problem!
> 
> i'll just need a few tanks, a couple of stinger missiles and a 
> small tactical nuclear weapon to fend off the israeli
> army first

You seem to believe that only Checkpoint has stateful inspection.
But that's fortunately untrue.

If stateful inspection is a word you use to define FW1, then FW1 is
indeed a proprietary product by Checkpoint [by proprietary, I mean
it's quite impossible to get the source code ...]. But
words do not belong to companies (at least, I hope!), even if their
marketing staff tries hard to enforce that..., even if the company
pushes its aggressiveness to patent words and phrases.

To the best of my knowledge, stateful inspection means that a packet
filter checks IP packets, and keeps state information so as to allow
future packets that are considered as responses to legitimate packets.

Simply put, if you allow an outgoing packet to some given addr and port
(if port is meaningful), then you'll keep this info, and when you see a
packet coming from that addr and port, you allow it. In the case of TCP,
the filter can do better by checking TCP state. For other protocols, a
timeout is used to "finish filtering sessions". 

Stateful inspection is implemented in both commercial products and in
non-commercial ones (it's hard to find a word for non-commercial due to
the existence of too many ambiguous terms such as free, public domain, gnu,
open source, ... Though the terms are not ambiguous by themselves, there
are a lot of confused people).


Sources of stateful packet filters? Get yourself a copy of IPFilter.
See http://coombs.anu.edu.au/~avalon/ip-filter.html for more info.
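
The mechanism described in the message above (state recorded on an outgoing packet, TCP handshake tracking, timeouts for other protocols), as an added example that is not part of the original message and is not IPFilter code. The class and field names, the allow-all-outbound policy and the timeout values are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Timeouts in seconds; constructed values for the example, not IPFilter defaults.
UDP_TIMEOUT, SYN_TIMEOUT, TCP_IDLE, TCP_CLOSING = 30, 30, 3600, 10

@dataclass
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. frozenset({"SYN", "ACK"})

class StatefulFilter:
    """Assumed policy: all outbound traffic is allowed; inbound must match state."""
    def __init__(self):
        self.table = {}  # (proto, local, lport, remote, rport) -> [state, expiry]

    def outbound(self, p, now):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if p.proto == "udp":
            self.table[key] = ["udp", now + UDP_TIMEOUT]
        elif p.flags == {"SYN"}:
            self.table[key] = ["syn_sent", now + SYN_TIMEOUT]
        elif key in self.table:
            self._update(key, p, now)
        return True

    def inbound(self, p, now):
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        entry = self.table.get(key)
        if entry is None or now > entry[1]:
            self.table.pop(key, None)           # no state, or state timed out
            return False
        if entry[0] == "syn_sent" and "RST" not in p.flags:
            if p.flags != {"SYN", "ACK"}:       # only a handshake reply fits here
                return False
            entry[0] = "established"
        self._update(key, p, now)
        return True

    def _update(self, key, p, now):
        entry = self.table[key]
        if "RST" in p.flags:
            del self.table[key]                 # connection torn down
        elif "FIN" in p.flags:
            entry[0], entry[1] = "closing", now + TCP_CLOSING
        elif entry[0] == "established":
            entry[1] = now + TCP_IDLE
        elif entry[0] == "udp":
            entry[1] = now + UDP_TIMEOUT
```

A real filter would also validate sequence numbers and handle ICMP errors related to tracked sessions, which this example leaves out.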

