On Feb 12, 2008 11:21 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote:

> Now we're just getting into semantics. It is not uncommon for a
> firewall to operate on layer 7, even with OpenBSD, considering that an
> essential component of PF is ftp-proxy. What you call a firewall I
> call a screen-router.

That's interesting. Is that from Cisco? I've never encountered that term prior to here, a big-time Cisco shop.

But, to go back to your original topic: a firewall inspects and forwards packets on, irrespective of any application that sits on it, i.e. IP based. An _application_ firewall is the one that's layer 7. ftp-proxy is *NOT* an essential component of pf; pf runs fine without that.

> There is a world of difference between a proxy and something like an
> MTA, unless you're using the MTA as a hardened forwarder to protect
> your internal. A machine with inn could never be classified as
> anything but a honeypot.

What's the difference between an MTA that delivers locally and one that delivers to another MTA that delivers locally? Any exploit that gets you shell gets you to both.

-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted."
-- Gene Spafford

learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related

