Marcin Antkiewicz wrote:
>I am not the authority on the subject but, if I am correct, the first
>firewalls did not even have packet filters - traffic went through a proxy,
>and protocols that were not supported/proxy friendly were transferred via
>some kind of authenticated IP replay thingey (or was it decnet to IP

It's not sure what the "first" firewalls were, because there were a
fair number of things in play around the mid/late 80's called

Dave Presotto's firewall at Bell Labs involved a mix
of proxies and circuit relays. Brian Reid, Geoff Mogul and Paul
Vixie at DEC West were managing a "firewall" that most of us
today would term a "dual homed gateway" - users had shell
level access and logged into the device, making /bin/sh a rather
open-ended "proxy."

Most of us would call Presotto's system the first true firewall,
but (as you can imagine) there are a lot of people who want to
stake their claim to various pieces of the puzzle.

On a related and somewhat amusing unhistorical note, the
US Patent Office continues to grant patents for proxy
firewalls. At least once (and sometimes twice) a year, I get
excited calls from lawyers wanting to hire me as a consultant
to help them sue some big firewall vendor or other for
infringing on a ground-breaking idea like proxy transparency
(first shipped in borderguard but simultaneously implemented in
Gauntlet, Centri, and AT&T's firebrick) or content scanning
(first shipped in DEC SEAL - sort of - and later in Secure
Computing Sidewinder's marketing literature, and then a
host of others) etc, etc. I can't decide whether to laugh or


firewall-wizards mailing list