[1682] in linux-net channel archive
Re: Linux router
daemon@ATHENA.MIT.EDU (Harald Milz)
Wed Jan 24 16:27:23 1996
Date: Wed, 24 Jan 96 08:20 MET
From: hm@seneca.linux.de (Harald Milz)
To: linux-net@vger.rutgers.edu
Chris Woods (cjwoods@gigotech.net) wrote:
>
> I recommend Trusted Information Systems' fwtk. Check out
> ftp://ftp.tis.com, it's in there somewhere. (fwtk == FireWall ToolKit)
> fwtk is an application-level gateway, and probably not appropriate if you
> intend to sell access to the 'net through it. Perhaps ipfilter would be
> better, a filter-based solution rather than a proxy-based solution.
If you want to have _some_ security, you must have both: a packet filter and
a proxy application gateway. BTW does the Linux packet filtering code in
the latest 1.3.50s still sort firewall entries iaw some algorithm instead
of allowing the sysadmin to have full control over the sequence of the
filter entries? Alan?
--
Harald Milz (hm@Linux.DE)
You can only live once, but if you do it right, once is enough.
