Well,
From the looks of the iptables project (the next generation of netfilter),
it is statefull, "fairly" stable (accepted into the 2.4.x kernel), and the
little demo of it I saw at SANS 2000, absolutely kicked ass. Unfortunately
IPFilter is not a reality for the 2.1.X+ kernels on linux ;(
For more info on iptables, check out http://www.samba.org/netfilter/
-Igor
PS They even clamed they figured out a way to do statefull ICMP, which
Checkpoint hasn't even done yet <G>
At 08:03 PM 4/13/00 -0700, Aaron C. Springer wrote:
>Sounds good, I am not qualified to help... wish I was..
>
>So, does that mean that the most stable most "stateful" open source packet
>filter code is in fact ipfilter?..
>
>acs
>
>On 14-Apr-00 [EMAIL PROTECTED] wrote:
>> "Aaron C. Springer" <[EMAIL PROTECTED]> wrote:
>>> Great!
>>>
>>> Where is it at?
>>
>> I'm afraid it's on a server that is down during my relocation to
>> California. I expect to have it back up near the end of April. I warn
>> you now however that it is NOT pollished yet. Little docs etc. You
>> have to have a little technical initiative to get started with it.
>>
>> While it does work, it could benefit from further development...
>> something I hope to get some more time to do.
>>
>> b.
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>
>
>_______________________
>Aaron C. Springer
>[EMAIL PROTECTED]
>pgp key published
>_______________________
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
