Dear List,1. not every commercial FW incorporates stateful inspection
what features does Bering have thinking of "stateful inspection" ?
Every (commercial) FW does have a feature named "stateful inspection".
Whats about Bering ?
To prevent a discussion about "What ist stateful inspection ?" As far as
I know, it is nothing strictly defined, more a marketing name of Checkpoint.
Currently I got the task to connect 4 departures via VPN. I (obviously ;-)) tend to do it with Bering, so I need arguments belonging stateful inspection. The customer currently tends to do it by a cisco-firewall or something similar...
What appearently belongs to "stateful inspection" is "conntracking". "Synflood protection" too ? I use Bering 1.0, therefor I don't know all new features...
Thanks alot for hints !
2. according to the NIST "Guide to Firewall Selection and Policy Recommendations" a stateful inspection fw is a packet filter that incorporates added awareness of the OSI data model, maintaining a stateful connection state table. Please refer to the Guide for a very clear explanation.
3. the iptables/shorewall based Bering distro contains all what you need for your task.
Regards
Franco
--
Franco Segna - [EMAIL PROTECTED] Keys server wwwkeys.pgp.net Key fingerprint = 704C 3070 70A0 680A 760D 025E D849 02AB 2309 87A3
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
