On Sun, Jun 01, 2003 at 09:52:38PM -0500, Jimi Thompson wrote:
> If you need routing gear, check out an open source project called 
> Freesco.

It is my understanding Freesco is based on the 2.0.x series of kernels.
This means whatever firewall they provide is not going to be a stateful
firewall.

There are many benefits to a stateful firewall. In short, they require
viewing the TCP session setup packets before allowing the follow-on TCP
packets through the filter. Stateless firewalls cannot make this
requirement -- they typically filter only the session setup packets!
This means specially-crafted packets can slip right through the
firewall.

I don't know how big a concern this is for the original poster's
organization. I _do_ know that stateful firewalls are just that much
nicer, so I'd recommend something newer than the freesco project. :)

-- 
"Learning curve encryption is much more powerful than
elliptical curve encryption." -- Alan Olsen
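
The stateless/stateful difference described in the message above, as an added example that is not part of the original post: a toy Python model that runs the same four packets through a per-packet filter and a connection-tracking filter. The addresses, ports, packets and rule logic are constructed assumptions for illustration, not Freesco's or any kernel's actual rules.

```python
# Added illustration: toy model of stateless vs stateful TCP filtering.
# Addresses, ports, packets and rule logic are constructed assumptions.
from collections import namedtuple

# flags is a frozenset of TCP flag names; inbound=True means from outside.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def stateless_allow(pkt):
    """Judge each packet alone: refuse only inbound session-setup packets."""
    if not pkt.inbound:
        return True
    return not ("SYN" in pkt.flags and "ACK" not in pkt.flags)

class StatefulFilter:
    """Remember sessions opened from inside; inbound must match one."""
    def __init__(self):
        self.table = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def allow(self, pkt):
        if not pkt.inbound:
            if pkt.flags == {"SYN"}:
                self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = "SYN_SENT"
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state is None:
            return False  # no session setup was ever seen for this flow
        if state == "SYN_SENT":
            if pkt.flags != {"SYN", "ACK"}:
                return False
            self.table[key] = "ESTABLISHED"
            return True
        return "SYN" not in pkt.flags  # established flow: data/ACK only

def compare():
    """Run four constructed packets through both filters."""
    inside, outside = "192.168.1.10", "203.0.113.5"
    f = frozenset
    packets = [
        ("outbound SYN", Packet(inside, 40000, outside, 80, f({"SYN"}), False)),
        ("SYN/ACK reply", Packet(outside, 80, inside, 40000, f({"SYN", "ACK"}), True)),
        ("ACK, no session", Packet(outside, 80, inside, 40001, f({"ACK"}), True)),
        ("inbound SYN", Packet(outside, 4444, inside, 22, f({"SYN"}), True)),
    ]
    fw = StatefulFilter()
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in packets}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:16} stateless={stateless!s:5} stateful={stateful}")
```

The third packet is the case the message is about: an inbound ACK that belongs to no session passes the per-packet filter and is dropped only by the filter that tracks session setup.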
