From owner-freebsd-security  Thu Oct 29 11:42:20 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA11161
          for freebsd-security-outgoing; Thu, 29 Oct 1998 11:42:20 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA11134
          for <freebsd-security@freebsd.org>; Thu, 29 Oct 1998 11:42:14 -0800 (PST)
          (envelope-from mjenkins@carp.gbr.epa.gov)
Received: (from mjenkins@localhost)
	by carp.gbr.epa.gov (8.8.8/8.8.8) id NAA13229;
	Thu, 29 Oct 1998 13:42:05 -0600 (CST)
	(envelope-from mjenkins)
Date: Thu, 29 Oct 1998 13:42:05 -0600 (CST)
From: Mike Jenkins <mjenkins@carp.gbr.epa.gov>
Message-Id: <199810291942.NAA13229@carp.gbr.epa.gov>
To: junkmale@xtra.co.nz
Subject: Re: Connections succeed even though denied by IPFW
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <199810291807.HAA15796@witch.xtra.co.nz>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From: "Dan Langille" <junkmale@xtra.co.nz>
> Date: Fri, 30 Oct 1998 07:07:59 +1300
>
> Is it correct to assume that firewall proxies are not suspectible the same 
> problem?  I don't think so.  That's why I'm curious as to why Chapman 
> mentions packet filtering, not proxies.

Chapman's paper was about using packet filters for network security and
was not about firewalls.  It may have been sort of pre-firewall days (1992).

See the Firewall FAQ (http://www.interhack.net/pubs/fwfaq/) for more info
on firewalls.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message