On Sun, Jun 01, 2003 at 09:52:38PM -0500, Jimi Thompson wrote:
> If you need routing gear, check out an open source project called
> Freesco.

It is my understanding Freesco is based on the 2.0.x series of kernels. This means whatever firewall they provide is not going to be a stateful firewall.

There are many benefits to a stateful firewall. In short, they require viewing the TCP session setup packets before allowing the follow-on TCP packets through the filter. Stateless firewalls cannot make this requirement -- they typically filter only the session setup packets! This means specially-crafted packets can slip right through the firewall.

I don't know how big a concern this is for the original poster's organization. I _do_ know that stateful firewalls are just that much nicer, so I'd recommend something newer than the freesco project. :)

--
"Learning curve encryption is much more powerful than eliptical curve encryption." -- Alan Olsen
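
A toy model of the difference described in the message above, added here as an example that is not part of the original post or of any firewall's code: a stateless filter that checks only session-setup packets, next to a stateful one that passes follow-on packets only for sessions it has seen set up. The addresses, ports, policy and sample packets are constructed assumptions.

```python
# Added illustration: toy models of a stateless and a stateful TCP filter.
# Packets are constructed samples: (src, sport, dst, dport, flags).
INSIDE = "192.0.2.10"     # protected host (documentation address, assumed)
OUTSIDE = "198.51.100.7"  # external host (documentation address, assumed)
ALLOWED_INBOUND_PORTS = {25}  # assumed policy: only inbound SMTP may start

def is_setup(flags):
    """A session-setup packet has SYN set and ACK clear."""
    return "SYN" in flags and "ACK" not in flags

def stateless_filter(pkt):
    """Judge each packet alone: only setup packets are checked against policy."""
    src, sport, dst, dport, flags = pkt
    if dst == INSIDE and is_setup(flags):
        return dport in ALLOWED_INBOUND_PORTS
    return True  # anything that is not a setup packet is passed unexamined

class StatefulFilter:
    """Pass follow-on packets only for sessions whose setup was seen and allowed."""
    def __init__(self):
        self.sessions = set()

    @staticmethod
    def _key(src, sport, dst, dport):
        # Same key for both directions of one connection.
        return frozenset([(src, sport), (dst, dport)])

    def check(self, pkt):
        src, sport, dst, dport, flags = pkt
        key = self._key(src, sport, dst, dport)
        if is_setup(flags):
            if dst == INSIDE and dport not in ALLOWED_INBOUND_PORTS:
                return False
            self.sessions.add(key)  # remember the session for later packets
            return True
        return key in self.sessions  # no recorded setup means drop

def run(packets):
    """Return (stateless verdicts, stateful verdicts) for a packet sequence."""
    sf = StatefulFilter()
    return [stateless_filter(p) for p in packets], [sf.check(p) for p in packets]

SAMPLE = [  # constructed traffic
    (OUTSIDE, 40000, INSIDE, 25, {"SYN"}),         # allowed session setup
    (INSIDE, 25, OUTSIDE, 40000, {"SYN", "ACK"}),  # reply in that session
    (OUTSIDE, 40000, INSIDE, 25, {"ACK"}),         # follow-on packet
    (OUTSIDE, 40001, INSIDE, 23, {"SYN"}),         # setup to a blocked port
    (OUTSIDE, 40002, INSIDE, 23, {"ACK"}),         # no setup was ever seen
]
```

Calling `run(SAMPLE)` gives the two verdict lists side by side; they differ only on the last packet, which the stateless filter passes and the stateful filter drops.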
