On 3 Jan 2001, at 16:33, David Douthitt wrote:
> I'm thinking about this some...
> Thinking on this, the Fence idea makes all the problems we've seen:
> you not only have to allow one way but also the other.
>
> The Network Idea simplifies things slightly, but creates the problem
> in that the "Network" does not include the concept of where the
> transmission originates or ends. When a session arrives, wanting to
> enter the network, some things must be known about it, and aren't
> necessarily according to the conceptual idea of a network.
>
> A Path (Session?) conceptual idea contains all these. A Path object
> would have the following properties:

Another problem with other ideas is the Proxy. Then a "session"
"originates" at an unprotected World client, and "ends" at the proxy;
so a firewall chain requires FOUR rules, to match the proxy with both
ends.
A Path would combine all four rules into one, claiming it as a Proxy.
A Network concept rules out proxies altogether, since the proxy is
not really a part of any Network in this ideology.....
--
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
[EMAIL PROTECTED]
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel