Sorry for butting in in the middle of the conversation; and please let me
know if I make an ASS.. out of myself! :)

   Can we abstract these networking terms as follows: IS (Intermediate
System), ES (End System) (OSIism here). And for each IS or ES, it
provides one or more SERVICES. HTTP, FTP, Telnet, and Proxy are each
one of the services.

   Cheers,
   Ly


David Douthitt wrote:
> 
> On 3 Jan 2001, at 16:33, David Douthitt wrote:
> 
> > I'm thinking about this some...
> 
> > Thinking on this, the Fence idea makes all the problems we've seen:
> > you not only have to allow one way but also the other.
> >
> > The Network Idea simplifies things slightly, but creates the problem
> > in that the "Network" does not include the concept of where the
> > transmission originates or ends.  When a session arrives, wanting to
> > enter the network, some things must be known about it, and aren't
> > necessarily according to the conceptual idea of a network.
> >
> > A Path (Session?) conceptual idea contains all these.  A Path object
> > would have the following properties:
> 
> Another problem with other ideas is the Proxy.  Then a "session"
> "originates" at an unprotected World client, and "ends" at the proxy;
> so a firewall chain requires FOUR rules, to match the proxy with both
> ends.
> 
> A Path would combine all four rules into one, claiming it as a Proxy.
> 
> A Network concept rules out proxies altogether, since the proxy is
> not really a part of any Network in this ideology.....
> 
> --
> David Douthitt
> UNIX Systems Administrator
> HP-UX, Linux, Unixware
> [EMAIL PROTECTED]
> 
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/leaf-devel

-- 
"If you find yourself digging a deeper and deeper hole... stop digging."
- Anonymous
