On Tue, Jan 23, 2001 at 11:40:32AM -0500, Jose Nazario wrote:
> On Tue, 23 Jan 2001, Rohit Gupta wrote:

> > Is there any way out we can design a firewall using ipchains which
> > facilitates stateful inspection and url screening for Red Hat Linux
> > 6.1

> IPchains doesn't natively have stateful inspection, but if you add spf to
> the ipchains mix you can get it:

> http://packetstorm.securify.com/linux/firewall/spf-2.0.3.tar.gz

> and upgrade to at least RH6.2 with patches, 7 if you are daring (and have
> patches downloaded). some would tell you to upgrade to 2.4.0 and iptables,
> but that's a bit daring at this point -- it's too new to trust.

        A couple of other people have rightfully pointed out that
"stateful inspection" the buzz word is not "stateful packet filtering"
as we take it to be.  I also incorrectly mixed those terms and I stand
corrected.  SPF provides statefulness to IPChains and provides some
limited stateful packet filtering.  It does not provide "Stateful
Inspection(tm)".  It remains an open question as to whether the original
requester was also mixing up the terms and asking for "stateful inspection"
when he was merely looking for "stateful packet filtering".  If so, then
your message and mine and others do address the question.  If he was not
mixing the terms and he was specifically looking for this particular
type of firewall, then we did not address the question properly.

        "Stateful Inspection" != "stateful packet filtering"

        Thank you to the individuals who pointed this out.

        One person pointed out something that, in my mind, distinguishes
the two.  They stated that "stateful inspection" also applies ACLs
to the filters and filter generation.  SPF and other stateful filters
do not currently do this.  Netfilter should be capable of this with
some additional user land applications to drive the process, but
I'm uncertain about the "state" of those.  :-/

> ____________________________
> jose nazario                                               [EMAIL PROTECTED]
>                    PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
>                                      PGP key ID 0xFD37F4E5 (pgp.mit.edu)

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
