From mboxrd@z Thu Jan  1 00:00:00 1970
From: Benny Amorsen <benny+usenet@amorsen.dk>
Subject: Re: Query: Can Netfilter inspect xml soap traffic
Date: Tue, 25 Mar 2008 20:56:55 +0100
Message-ID: <m3abkmy3ug.fsf@ursa.amorsen.dk>
References: <47E913B6.4080004@tssg.org> <47E92B5A.5030903@riverviewtech.net> <47E93099.9010602@tssg.org>
Mime-Version: 1.0
Return-path: <netfilter-owner@vger.kernel.org>
Sender: netfilter-owner@vger.kernel.org
List-ID: <netfilter.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: netfilter@vger.kernel.org

william fitzgerald <wfitzgerald@tssg.org> writes:

> "Is Netfilter obsolete in an Enterprise Web Service Environment"
> please let me know.

The discussion about whether packet filters really deserve the word
"firewall" applied to them goes back at least as far as mid 90's. You
can probably find flame wars with Gauntlet and Raptor Eagle/Symantec
Enterprise Firewall on one side and Firewall-1 and PIX on the other.

Anyway, with the Level-7 match or Deep Packet Inspection or whichever
buzz words you prefer, packet filters are closer in capabilities than
ever before. At the same time application level proxies are faster
than ever before. It's hard to pick a winner.


/Benny