thanks the Layer 7 Classifier seems good..but...
OK sure it can detect protocols on unpredictable ports, but since I have, inevitably, Win PCs on the network, can it distinguish between port 25 traffic coming from say, Outlook, and those that are not? Or allow port 80 only from trusted browsers? (OK haven't read the HOWTO yet... )
Any answer to my last question?
Thanks
Steve
>From: "Conrad Laus" <[EMAIL PROTECTED]>
>Reply-To: Malta Linux User Group - general list <
[email protected]>
>To: "Malta Linux User Group - general list" <
[email protected]>
>Subject: Re: [LINUX.ORG.MT] iptables
>Date: Tue, 22 Mar 2005 17:19:46 +0100
>
>Hi Steve,
>
>have a look here - http://l7-filter.sourceforge.net/
>
>Simply put, "iptables does not distinguish between traffic at the application layer" - NOT TRUE!!
>
>Please, please, please - XP with SP2 a software firewall??!! Check this out for the definition of an oxymoron...
>http://teenwriting.about.com/library/glossary/bldef-oxymoron.htm ...sorry Iain I beat you this time :-)
>
>Regards
>Conrad
>
>----- Original Message -----
> From: Steve Camilleri
> To:
[email protected]
> Sent: Tuesday, March 22, 2005 4:21 PM
> Subject: [LINUX.ORG.MT] iptables
>
>
> Hi all,
>
> I may not be up to scratch but I've been reading that an IPtables firewall is classified as a "hardware firewall" and has a severe disadvantage in that it does not distinguish traffic on the application level, and this could lead to malicious traffic from within. How true is this?
> For example one inadvertently downloads a trojan by mail on allowed port 25. This program can then access the net via port 25 or 80 etc.. and spread itself etc..
> Is it possible to make iptables restrict which applications can use a specified port?
> XP with SP2 (a "software firewall") can do this so I'm sure that there must be a way around with linux...
>
> and with hype about products like this
> http://www.checkpoint.com/products/interspect/index.html
> ...are they really needed??
>
> Bil Malti, if my company needs to implement a good security system for 50+ PCs, can we feel safe-ish with a dual NIC Linux box in front, with a good set of iptables rules?
> Is this better/worse than a dedicated firewall/router box (tipo Linksys VPN firewall etc..)??
>
> Thanks guys
> Steve
>
>
>------------------------------------------------------------------------------
> Express yourself instantly with MSN Messenger! MSN Messenger Download today it's FREE!
>
>
>------------------------------------------------------------------------------
>
>
> _______________________________________________
> MLUG-list mailing list
>
[email protected]
> http://mailserv.megabyte.net/mailman/listinfo/mlug-list
>_______________________________________________
>MLUG-list mailing list
>
[email protected]
>http://mailserv.megabyte.net/mailman/listinfo/mlug-list