Firewalls

First firewall was in 1988, by DEC, and did simple packet filtering.
Packet filtering is just looking at a packet and deciding whether to forward it or not.

Can base decision on
  * MAC addresses
  * IP addresses
  * IP flags (consider the SYN flag)
  * TCP/UDP port numbers
      What happens if the application moves or hides?
  * Application header information
      Attempt protocol recognition
      What about encryption?
      What about torrents?
      HTTP stuff
      FTP stuff
      Email filter might block spam, viruses, porn, etc.

Can be stateful or stateless
  Stateless if each packet is decided by that packet alone
    Easier, quicker
  Stateful if history is needed to make a decision
    More powerful
    Slower
    Allows things like
      Only accept packets where we started the connection
      Rate limiting and DDoS fighting

Can be default-accept or default-deny or default-reject

Application Proxies
  Write a server that receives requests
  Use different codebase, different libraries, different programmers, different language
  Have it ask the real server to perform the service
  Relay the reply

Can be defeated by an unknown-to-sysadmin modem.
Is not the be-all-end-all of security. Consider airport security.
Often combined with spam filters, servers, virus checkers, HTTP caches, etc.

Assume you're an ISP.
  Should you be default-deny or default-accept or default-reject?
  What protocols should you filter?
  Should you filter outbound packets?
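
The stateless/stateful distinction in the notes above, as an added example (not part of the original notes): a toy filter that runs the same four packets through a stateless SYN-flag rule and through a stateful, default-deny "only accept packets where we started the connection" rule. The `10.0.0.` inside prefix, the function and class names, and all sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple

# One packet's header fields; all sample packets below are constructed.
Packet = namedtuple("Packet", "proto src sport dst dport syn ack")

INSIDE_PREFIX = "10.0.0."  # assumed internal network (hypothetical)

def inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_decide(pkt):
    """Stateless: decide from this packet alone, using the SYN flag.
    Inbound connection attempts (SYN without ACK) are denied."""
    if inside(pkt.dst) and not inside(pkt.src) and pkt.syn and not pkt.ack:
        return "deny"
    return "accept"

class StatefulFilter:
    """Stateful, default-deny inbound: accept only packets that belong
    to a connection an inside host started."""
    def __init__(self):
        self.started = set()  # (proto, in_ip, in_port, out_ip, out_port)

    def decide(self, pkt):
        if inside(pkt.src) and not inside(pkt.dst):
            # Outbound: remember the connection, then forward.
            self.started.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Anything else: accept only if it mirrors a recorded outbound flow.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if key in self.started else "deny"

def demo():
    packets = [
        Packet("tcp", "10.0.0.5", 40000, "203.0.113.7", 80, True, False),   # we open
        Packet("tcp", "203.0.113.7", 80, "10.0.0.5", 40000, True, True),    # its reply
        Packet("tcp", "198.51.100.9", 80, "10.0.0.5", 40001, True, False),  # inbound SYN
        Packet("tcp", "198.51.100.9", 80, "10.0.0.5", 40001, False, True),  # unsolicited ACK
    ]
    fw = StatefulFilter()
    # Each row is (stateless verdict, stateful verdict) for one packet.
    return [(stateless_decide(p), fw.decide(p)) for p in packets]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The two filters disagree only on the last packet: with no history, the stateless rule cannot tell an unsolicited ACK from a reply, while the stateful filter denies it because no inside host opened that connection.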