Steve Graegert wrote:
On 1/12/06, Per Jessen
wrote: Kai Ponte wrote:
First, I would disagree with using ZA as a software firewall. Actually, from all I've read/seen, a good hardware firewall is all you should need. (Provided it is configured correctly.)
Kai, a hardware firewall is nothing but a blackbox running a software firewall.
Partially true,
Isn't it actually _completely_ true? Unless we've got a manufacturer with a box with a TCP/IP stack implemented as an ASIC, the firewall has got to be software. Splitting hairs, I know, but still.
but most poeple (just as I do) understand the term "hardware firewall" as an advanced piece of hardware, application-level firewall and not just a simple port filter, which is what effectively every "software firewall" is doing.
Perhaps it's a matter of who "most people" are, but a firewall, whether hardware or software, is not much more than a port-filter. OK, with a few bells and whistles for detecting and dealing with certain kind of attacks (e.g. DoS). If I take a 486, install Linux and a decent iptables setup, I've got myself a solid hardware firewall - except of course, the firewall is really a software firewall. /Per Jessen, Zürich