Open alevere opened 4 years ago
I would consider a 'redirect' more of a routing function than a packet filtering function, but defer to the subject matter experts.
As I described in the plugfest, the redirect command of the firewall capability should be considered a cyber defense functionality. It would be easier to think of redirect "as part of a contain function" to understand its value. A redirect fulfils multiple scenarios in which traffic needs to be redirected somewhere for the purpose of cyber defense.
If in your infrastructure you want to redirect traffic for cyber defense and you have the capability to do that onto a firewall, you wouldn’t want to mess with the routing tables of your networking devices. Many firewall technologies support redirecting traffic.
-Vasileios
In that case I stand corrected; perhaps we should consider pcap and redirect. Question: do you consider this within the scope of a stateless packet filter? My instinct says yes, because the 'stateless filtering' refers to the criteria to act (or not act) on the packet.
Thoughts?
I propose we consider adding redirect and copy as actions for an SLPF. IPTables, for example, does support a forward table. Other products allow traffic to be duplicated.