[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] CheckPoint on Linux (is iptables doing the work)?



Tom Tucker wrote:
>
> Hello all!  Does the Checkpoint software  on Linux use ipchains/iptables
> or is it using something in the CheckPoint software?

In short:

IPchains is stateless packet filtering

IPtables is stateful (dynamic) packet filtering

CheckPoint is stateful (dynamic) packet filtering with inspection plus a
few proxies ("ressources" / "security servers")

see e.g. http://www.wyae.de/secure_gateway/gateways.html

Bye
        Volker

--

-------------------------------------------------------------------
[email protected]                                 discon GmbH
IT-Security Consulting                           Wrangelstrasse 100
http://www.discon.de/                         10997 Berlin, Germany
-------------------------------------------------------------------
PGP-Fingerprint: 5323 a4f7 a7c2 b8ef 4653 05ce d2ea 2b74  b94c c68e

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================