Re: Firewall with only one NIC
Stephen Torri wrote:
> 
> I was wary about doing this because of what I believe would be true.
> That is, the packets are already at their destination, so does a
> firewall really work?

The packets have reached their destination address, but the kernel
has not yet allowed their contents to be processed until they clear
the IP Chains rules.  The firewall does work.  Nothing magic happens
just because the packets have reached the NIC.

> It would be interesting if there could be a guard added to all
> incoming packets.  The packets would come in from the network,
> hit the guard (who runs firewall rules against them) and either
> allows them transport or drops them.  Packets going out have to
> do the same thing. No packets could circumvent the guard.

Yes.  We have such a thing and call it IP Chains.

	- Kevin Colby
	  kevinc grainsystems com
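As an added example (not part of this thread or any poster's own setup), here is an ipchains ruleset for a host with a single NIC, showing the input and output chains acting as the "guard" on both directions. The interface name eth0, the host address 192.0.2.10 and the nameserver 192.0.2.1 are assumed values.

```shell
#!/bin/sh
# Single-NIC ipchains ruleset (constructed example).
# Every packet the NIC receives traverses the "input" chain before the
# kernel hands it to a socket; every packet a process sends traverses the
# "output" chain before it leaves.  No second interface is needed.
# Assumed values: interface eth0, host 192.0.2.10, nameserver 192.0.2.1,
# and SSH is the only service this host offers.
IFACE=eth0
HOST=192.0.2.10
DNS=192.0.2.1

# emit_rules CMD -- feeds each rule to CMD.  Use "echo" to preview the
# ruleset without touching the kernel, or "ipchains" to apply it.
emit_rules() {
  run="$1"
  $run -F input
  $run -F output
  # Default policies: deny anything not explicitly allowed, in both directions.
  $run -P input DENY
  $run -P output DENY
  # Loopback traffic never leaves the box; allow it both ways.
  $run -A input -i lo -j ACCEPT
  $run -A output -i lo -j ACCEPT
  # Anti-spoofing: our own address must never arrive from the network.
  $run -A input -i "$IFACE" -s "$HOST" -l -j DENY
  # Inbound: new SSH connections (TCP port 22) to this host.
  $run -A input -i "$IFACE" -p tcp -d "$HOST" 22 -j ACCEPT
  # Inbound: replies to TCP connections we opened (non-SYN packets only).
  $run -A input -i "$IFACE" -p tcp ! -y -d "$HOST" -j ACCEPT
  # Inbound: DNS answers from our nameserver, and ICMP.
  $run -A input -i "$IFACE" -p udp -s "$DNS" 53 -d "$HOST" -j ACCEPT
  $run -A input -i "$IFACE" -p icmp -d "$HOST" -j ACCEPT
  # Outbound: anything sourced from our own address; log and deny the rest.
  $run -A output -i "$IFACE" -s "$HOST" -j ACCEPT
  $run -A output -i "$IFACE" -l -j DENY
  # Log whatever input falls through before the default policy denies it.
  $run -A input -i "$IFACE" -l -j DENY
}

# Preview by default; pass "ipchains" as the first argument to apply.
emit_rules "${1:-echo}"
```

Run it as `sh rules.sh` to see the rules, and as root with `sh rules.sh ipchains` to load them.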