
I haven't heard "slug" before, is that your own phrase? It sounds like you've implemented what's known as a stateless transparent firewall if I'm understanding what you've said correctly. Stateless because it's just plain ACLs, transparent because it's not a routed hop/isn't detectable by the client (outside traffic being dropped), and firewall because it's filtering unauthorized traffic. Most people just call it "ACLs" for short though since "stateless transparent firewall" is a bit of a mouthful and "firewall" by itself often implies a routed mode stateful firewall.


"I haven't heard "slug" before, is that your own phrase?"

Yes, although I've been using it for several years when discussing a safety device like this ...

I first discussed a transparent, stateless firewall in 2001 when I wrote a HOWTO for the FreeBSD project:

http://www.kozubik.com/published/freebsd_bridging_ipfw.txt

... although that is hopelessly out of date. Like I said, I keep meaning to do a blog post on this ...



