William Wise <will at digitalelite.com> wrote:
> I'm thinking about filtering on the firewall. It's possible to open
> port 80 on a firewall but filter non-http traffic. The big benefit to
> HTTP/XML/SOAP in the webservices architecture is that it allows
> cross-platform messaging through firewalls whereas the ports commonly
> associated with IIOP, DCOM, and RMI are generally blocked by firewalls.
> More intelligent filtering could disallow simple fnp over http but I'm
> wondering if using SOAP would make such filtering harder to implement since
> a lot of "legitimate" traffic will be flowing across and it would be
> painful to have to block all SOAP traffic.
>
> I'm not sure if this notion stands up under scrutiny or how easy it
> would be to block a particular kind of SOAP traffic so I was hoping for
> some input from you folks who know more than I about these issues.

From what I understand, most firewalls in current use filter based on the port number only and don't look inside the traffic. If we get to the point where firewalls do start looking inside the traffic, as others have noted they would be just as likely to block FNP-SOAP-HTTP as plain FNP.

In any case, if we did want to start going down this road it would be simpler to take an off-the-shelf firewall-tunnelling scheme (I'm sure there must be millions) and just put FNP through it.

theo

_______________________________________________
Devl mailing list
Devl at freenetproject.org
http://www.uprizer.com/mailman/listinfo/devl
