Re: Firewall Primitives

[George Capehart <capegeo () opengroup org>]

Crispin Cowan wrote:
> George Capehart wrote:
>
> > This is interesting.  So, a firewall really should/could/might be a
> > multi-layer, multi-protocol switch . . .
> But of course. That's all firewalls ever were, but marketing hates it
> when people discover that :)

Doh!  OK, I'll buy that.  I'd really (in my own way) seen firewalls as being
more like band-pass filters.  But that's probably another discussion.  When
I wrote "switch" I was really thinking "router."

:/g/switch/s//router/g

It really did seem that he was suggesting that the firewall actually
actively route, as opposed to "look at the packet and drop it if it doesn't
like it . . ." ;-]  So, I really meant to use the term router.  That is a
step beyond the "throw it in the bit bucket if I don't like it" function
that is is a better fit for what mjr seemed to be describing.  Of course, I
don't want to put words in his mouth . . .  ;-)

/gc
--
George W. Capehart

"We did a risk management review.  We concluded that there was no risk
 of any management."  -- Dilbert
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards