[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why won't you just shut up?

To: brian <brian@bsd.org.il>
Subject: Re: Why won't you just shut up?
From: Anders Arnholm <Anders@Arnholm.nu>
Date: Fri, 1 Jun 2001 14:45:53 +0200 (CEST)
Cc: tech@openbsd.org

On Fri, 1 Jun 2001, brian wrote:

> And no, to that dude who wanted a layer 7 filtering
> support in the new firewall, I can assure you it

On the contrary, at this moment when the future are a little uncertan is the
best moment to think about what possible need there maybe on the firewall. It's
a good input to selecting possible candidates to work from.

I would like to see a packet filter that are state full, fast and that are simple to add support for different new protocolls in. A rule as:

pass in proto ftp from 192.168.99.16/24 keep state

That makes the new incomming data connection work too would be very usefull in
some locations. Yet still we should keep the overhead to a minimum so that we
don't loose the possibility to filter on highspeed connections. The firt rule
may be VERY usefull on the external firewall connected to the internet line as
this usally are aloot slower than the internal connection, especially when
working togeather with the NAT translation. I personally think that it should
possible to add the possiblity so that it dosn't add any big overhead if it's
not in use.

/ Balp, (any yes I think this area is intresting and hope that I will get some
         time after summer to put into coding.)
-- 
      o_   Anders Arnholm,               HiQ - Consultant
 o/  /\    anders@arnholm.nu             Phone  : +46-703-160969
/|_, \\    http://www.arnholm.nu/~balp/  http://www.hiq.se
/
`

References:
- Why won't you just shut up?
  - From: brian <brian@bsd.org.il>

Prev by Date: Re: Why won't you just shut up?
Next by Date: From OpenBSD user......
Prev by thread: Re: Why won't you just shut up?
Next by thread: Re: Why won't you just shut up?
Index(es):
- Date
- Thread