Hi Steve,

have a look here - http://l7-filter.sourceforge.net/

Simply put, "iptables does not distinguish between traffic at the application 
layer" - NOT TRUE!!

Please, please, please - XP with SP2 a software firewall??!!  Check this out 
for the definition of an oxymoron...
http://teenwriting.about.com/library/glossary/bldef-oxymoron.htm ...sorry Iain 
I beat you this time :-) 

Regards
Conrad

----- Original Message ----- 
  From: Steve Camilleri 
  To: [email protected] 
  Sent: Tuesday, March 22, 2005 4:21 PM
  Subject: [LINUX.ORG.MT] iptables


  Hi all,

  I may not be up to scratch but I've been reading that an IPtables firewall is 
classified as a "hardware firewall" and has a severe disadvantage in that it 
does not distinguish traffic on the application level, and this could lead to 
malicious traffic from within. How true is this?
  For example one inadvertently downloads a trojan by mail on allowed port 25. 
This program can then access the net via port 25 or 80 etc.. and spread itself 
etc..
  Is it possible to make iptables restrict which applications can use a 
specified port?
  XP with SP2 (a "software firewall") can do this so I'm sure that there must 
be a way around with linux... 

  and with hype about products like this
  http://www.checkpoint.com/products/interspect/index.html
  ...are they really needed??

  Bil Malti, if my company needs to implement a good security system for 50+ 
PCs, can we feel safe-ish with a dual NIC Linux box in front, with a good set 
of iptables rules? 
  Is this better/worse than a dedicated firewall/router box (tipo Linksys VPN 
firewall etc..)??

  Thanks guys
  Steve


------------------------------------------------------------------------------
  Express yourself instantly with MSN Messenger! MSN Messenger Download today 
it's FREE! 


------------------------------------------------------------------------------


  _______________________________________________
  MLUG-list mailing list
  [email protected]
  http://mailserv.megabyte.net/mailman/listinfo/mlug-list

Reply via email to