On Mon, 20 Mar 2000, Gregory Maxwell wrote:
> On Mon, 20 Mar 2000, Christopher E. Brown wrote:
>
> > A stateless router with stateful filtering is *better*. (Linux 2.4.x)
>
> Please excuse my ignorance here, but.. What the heck does that mean? How
> does it work? Where can I read up on it (beyond the source, I've had my
> fill of Linux networking code with the whole ARP on foreign interfaces
> thing)?

It means that the new netfilter stuff can do stateful
filtering (in addition to the current stateless filtering) on a
stateless router.

> Does that mean I can put in two of them in different buildings, connecting
> to different ISPs (multihomed), and let BGP manage incoming paths, and let
> OSPF manage my output paths, and have links fail and the whole nine yards
> that firewall-1 won't let me accomplish?

Assuming your firewalling needs can be filled by a non-proxy
firewall, yes.

The major nice point for the new netfilter stuff coming in 2.4
is the addition of stateful (or perhaps better said state aware)
filtering.
Grab a copy of netfilter and its docs and start reading.
---
As folks might have suspected, not much survives except roaches,
and they don't carry large enough packets fast enough...
--About the Internet and nuclear war.