Differences between a simple packet filter, and a firewall...
Lately I've been reading some guides on Firewalls/Packet Filters (Using IPTables, etc.)... What I don't get is what is different between a Firewall and a Packet Filter. I've always been under the assumption that a Packet Filter _is_ a firewall...
I've also read somewhere that a Packet Filter is easier to break in/get past than a firewall...
Basically, what kind of filtering and differences are there on a firewall than there is packet filtering... As I said, I've always thought the two were basically the same.
The word firewall has been so generically applied that it gets confusing reading reviews and such.
There are three main approaches to firewalling:
1. Packet filter - this simply compares the address and port info of a packet against a set of rules. example: allow incoming port 80.
2. Stateful Packet Inspection - this is the same as the above, but it maintains a table in memory of the 'state' of connections. Works in Layer 4 (if you're an OSI guy) mostly but will have a peek into Layer 7 (application layer) when a session is started. This makes several sorts of 'spoof attacks' fail, where they could possibly succeed against a 'dumb' packet filter. All ICSA devices fall into this category.
3. Application proxies - these are the most secure but they are a lot slower. All traffic (Layer 7) is inspected. You could allow or disallow a specific command in ftp (you could disable cd, for example). The disadvantage here is that you need a proxy for every service (ftp, http, etc. each get their own); as well, the speed can be a problem depending on the service and traffic.
If you do not understand how to set up a good iptables firewall, there is a generator at hideaway.net that makes decent firewalls. You put in your information about your network, and then tell the script what you want to do, and it generates one for you. I liked these firewalls when I was starting with IPtables, but when you need to get very advanced you will have to write your own.
Quote:
Originally posted by MrJoshua
If you do not understand how to set up a good iptables firewall, there is a generator at hideaway.net that makes decent firewalls. You put in your information about your network, and then tell the script what you want to do, and it generates one for you. I liked these firewalls when I was starting with IPtables, but when you need to get very advanced you will have to write your own.
I don't agree that a packet filter is easier to break in than a true firewall device (also packet filtering). There are so many variables in this it's hard to answer...
The difference between a packet filter and a true firewall per se is the firewall will keep track of outgoing connections and allow the established connections to return and filter inbound connections to specific addresses and ports... a packet filter normally is filtering inbound (or outbound) connections and that's it... just a basic filter. So, is one more secure than the other... both can be vulnerable depending on what device and operating system the firewall/filter is running... and also how they are configured. However, the most important factor is the port you have opened up to the resource you want to protect! Once you open up a port... then it becomes an issue with the device residing behind the firewall/filter... follow me?
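Added example (not part of any post in this thread): a small Python model of the first two approaches discussed above, a rule-only packet filter and a filter that keeps a table of connections opened from inside. The addresses, the `LAN` prefix and all names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # TCP flags, e.g. "S", "SA", "A"

LAN = "192.168.1."           # constructed internal network prefix

def stateless_filter(pkt):
    """Simple packet filter: address/port rules only, no memory."""
    if pkt.src.startswith(LAN):
        return True          # allow anything outbound
    # "Allow web replies": all it can test is the source port.
    return pkt.sport == 80 and pkt.dst.startswith(LAN)

class StatefulFilter:
    """Same outbound policy, plus a table of tracked connections."""
    def __init__(self):
        self.table = set()

    def check(self, pkt):
        if pkt.src.startswith(LAN):
            # Simplified model: record the connection on the initial SYN.
            if "S" in pkt.flags and "A" not in pkt.flags:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the reverse of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def demo():
    """Return {name: (stateless verdict, stateful verdict)}."""
    packets = [
        ("syn", Packet("192.168.1.10", 40000, "203.0.113.5", 80, "S")),
        ("reply", Packet("203.0.113.5", 80, "192.168.1.10", 40000, "SA")),
        # Inbound packet that only claims to be a web reply; no
        # inside host ever opened this connection.
        ("unsolicited", Packet("198.51.100.7", 80, "192.168.1.20", 22, "A")),
    ]
    fw = StatefulFilter()
    return {name: (stateless_filter(p), fw.check(p)) for name, p in packets}

if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:12} stateless={stateless} stateful={stateful}")
```

Both filters pass the outgoing request and its genuine reply; only the connection-tracking filter drops the packet that has no matching table entry.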
Hey all, I'm no hardcore security and all... this is also my first attempt at actually helping someone with my "knowledge" so I am a bit apprehensive... but here's my thought anyway.
I don't know if it's any good but Bastille has the ability to create a firewall for you based on the input that you provide... I don't know if that is any help, or if it's even any good. Maybe someone can actually tell me the answer to that one...