On Feb 13, 2008 2:12 PM, bofh <[EMAIL PROTECTED]> wrote: > On Feb 12, 2008 9:47 PM, Darren Spiteri <[EMAIL PROTECTED]> wrote: > > Firewalls that have proxy software operate as both client and server. > > > This is now going into the silly place. David Higgs told you what is the > definition of network performance used. Why continue on insisting that > yours is the one true way? By your definition, since my "firewall" has > posfix running on it too, a firewall is a mailserver too. And since I have > inn running on it, a firewall is a news server too? A firewall inspects and > routes traffic (unless you're cisco, whose firewall can't route). The fact > that *YOU* choose to add applications to it, and was measuring application > network performance, which is separate and distinct from pure network > performance is _your_ issue. However, you don't get to redefine what's a > firewall.
Now we're just getting into semantics. It is not uncommon for a firewall to operate on layer 7, even with OpenBSD, considering that an essential component of PF is ftp-proxy. What you call a firewall I call a screen-router. There is a world of difference between a proxy and something like an MTA, unless you're using the MTA as a hardened forwarder to protect your internal. A machine with inn could never be classified as anything but a honeypot.