On Thu, May 17, 2012 at 9:18 PM, Girish Venkatachalam < [email protected]> wrote:
> Finally a firewall is what I talked about. Now in Linux people are
> confused bringing in userland,
> SIP and FTP rewriting, mixing userland and kernel and so on.
>
> That is not a true firewall...
>

There are distinct advantages of dealing with userland in terms of stability, keeping kernel small and not bloated etc. A firewall is not determined by whether it is done in kernel or userland. E.g. an L7 or protocol filter is good in userland. Some dual port (negotiated data ports) applications will need to write packet filter rules to let those connections work. It has nothing to do with the firewall being true or not. In general, packet filtering is done well in kernel but when higher level protocols need to come in, you will find such interactions.

--
Mohan Sundaram
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
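
The negotiated-data-port case mentioned in the message above, as an added example that is not part of the original thread: a userland helper reads the FTP control channel and derives a single-connection allow rule, refusing any advertised address that is not the peer that sent the line. The function names, the rule dictionary and the sample addresses are assumptions made for illustration, not any real firewall's syntax.

```python
import ipaddress
import re

# PORT commands (active mode) and 227 replies (passive mode) both carry
# h1,h2,h3,h4,p1,p2: four address octets, then the port as two bytes.
_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def negotiated_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = _TUPLE.search(text[4:])
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def pinhole(line, client, server):
    """Build a hypothetical one-connection allow rule, or None to refuse."""
    endpoint = negotiated_endpoint(line)
    if endpoint is None:
        return None
    ip, port = endpoint
    active = line.strip().upper().startswith("PORT ")
    # The advertised address must belong to the peer that sent the line;
    # otherwise the helper would open a path to a third host.
    expected = ipaddress.IPv4Address(client if active else server)
    if ip != expected or port < 1024:
        return None
    # Active mode: server connects to client. Passive: client to server.
    src, dst = (server, client) if active else (client, server)
    return {"proto": "tcp", "src": src, "dst": dst, "dport": port}


if __name__ == "__main__":
    CLIENT, SERVER = "198.51.100.7", "192.0.2.10"  # constructed addresses
    for sample in ("PORT 198,51,100,7,19,137",
                   "227 Entering Passive Mode (192,0,2,10,195,80)",
                   "PORT 10,0,0,5,0,22"):  # constructed control lines
        print(sample, "->", pinhole(sample, CLIENT, SERVER))
```
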
