From: Krish Ahya > I was just wondering, is Netfilter as good as Cisco's PIX and Checkpoint's Firewall-1, if not better?
its hard to compare apples with pears.. one is a firewalling system.. netfilter is more or less a packet filter.... > Also I'm wondering say if I have a dmz and allow people to come into a server on port 80, will netfilter inspect the packet on all > 7 layers of the OSI model and make sure that it is actually a http packet and following the rules and protocol specifications of > http? Sorta like checkpoints INSPECT module. as netfilter is "only" a packet filter (with some additional modules to provide more functions) you will stick with stuff like string match and all modules you would like to provide the netfilter community (if you code them yourself)
