firewall rules - Networking



Thread: firewall rules

  1. firewall rules

    Hi all,

    Recently a friend of mine told me that it is possible to set firewall
    rules in a switch; AFAIK it is not possible.

    How valid is this claim of my friend's?

  2. Re: firewall rules

    On 2008-10-07, annalissa wrote:
    > how valid is this claim of my friend ?


    Depends on the switch. Some (cheap) switches are pretty dumb and can't
    be used as a firewall. Some (expensive) switches have those features built
    in and can actually be used as a firewall as well.

    It's more or less a matter of terminology whether your friend is right or
    wrong, as in: is a high-end switch with firewall features actually a
    switch anymore, or is it a router?

    --
    Take

  3. Re: firewall rules

    annalissa wrote:

    > Hi all,
    >
    > recently a friend of mine told me that it is possible to set firewall
    > rules in a switch, AFAIK it is not possible.
    >
    > how valid is this claim of my friend ?


    Depends on the switch.
    A managed one could very well filter ports so PC-A on port 1 can not
    communicate with PC-B on port 2 but with PC-C on port 3.

    An unmanaged switch can not do that.

    And regardless of being managed or unmanaged: there's no possibility to set
    up rules beyond Yes/No, because a switch does not know about IP, and thus
    the usual packet filtering rules (aka "firewall rules") do not work.

    Your friend most probably mixed up routers (which can contain a switch) and
    switches.

    Felix

  4. Re: firewall rules

    annalissa wrote:
    > recently a friend of mine told me that it is possible to set firewall
    > rules in a switch, AFAIK it is not possible.
    >
    > how valid is this claim of my friend ?


    Switches deal with MAC addresses (layer 2).
    Routers and firewalls deal with IP addresses (layer 3).

    Routers can have access control lists (typically just called ACLs) that
    have rules very much like (but not exactly like) firewall rules.

    Some switches have the ability to block or allow specified MAC
    addresses. That would only work on a local network, and it
    blocks/allows *all* traffic from those MAC addresses.

    Some medium-range switches are IP-address-aware to support multicast
    functionality without the need of a separate multicast router, but that
    has nothing to do with blocking/allowing traffic by port or protocol.

    Some higher-end switches have routers embedded in them. Or you could go
    even higher to switch frames with pluggable modules. If so, some of
    them have firewall modules. But then they're not just switches anymore.
    They're boxes with lots of ports that you can configure to be a whole
    network with a complex topology.

    Generally I'd say your friend is wrong or there's been some
    misunderstanding somewhere.

  5. Re: firewall rules

    On Oct 7, 7:55 am, annalissa wrote:

    > Hi all,
    >
    > recently a friend of mine told me that it is possible to set firewall
    > rules in a switch, AFAIK it is not possible.
    >
    > how valid is this claim of my friend ?


    Is it possible to listen to FM stations in a car? Yes, if the car has
    a radio.

    DS

  6. Re: firewall rules

    Allen Kistler writes:

    > Switches deal with MAC addresses (layer 2).
    > Routers and firewalls deal with IP addresses (layer 3).


    Some layer 2 devices can filter as well. Usually they call them a
    bridge or transparent firewall.

  7. Re: firewall rules

    Maxwell Lol wrote:
    > Allen Kistler writes:
    >
    >> Switches deal with MAC addresses (layer 2).
    >> Routers and firewalls deal with IP addresses (layer 3).
    >
    > Some layer 2 devices can filter as well. Usually they call them a
    > bridge or transparent firewall.


    A bridge is a switch. The only difference is when the terminology was
    coined. "Bridges" were invented when layer 1 was commonly a shared coax
    cable. In any case, neither switching nor bridging is firewalling.

    A transparent firewall may connect two segments of the same layer 2
    broadcast domain, but it still filters based on layer 3 (IP) addresses,
    because connection state is a layer 3 and layer 4 concept.
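The point made in posts 4 and 7 (a switch-style MAC filter can only permit or deny a whole station, while a firewall, transparent or routed, has to parse past the Ethernet header into IP and TCP to match on addresses and ports) can be shown with a small packet classifier. The code below is an added example, not code from any poster or from a real switch or firewall product; the frames, MAC addresses, IP addresses and rule format are all constructed for the demonstration.

```python
"""Toy classifier contrasting a layer-2 MAC block list with a layer-3/4 ACL.

Added example for the thread above; all addresses and frames are constructed.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def fmt_ip(raw):
    return ".".join(str(b) for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """Constructed Ethernet II + IPv4 + TCP SYN frame with no payload."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    # TCP: src port, dst port, seq, ack, data offset 5 + SYN, window, csum, urg
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, 0x5002, 8192, 0, 0)
    # IPv4: ver/IHL, TOS, total length, ID, flags/frag, TTL, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + ip + tcp


def parse_l2(frame):
    """Everything a switch looks at: the 14-byte Ethernet header."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"src_mac": fmt_mac(src), "dst_mac": fmt_mac(dst), "ethertype": ethertype}


def parse_l3l4(frame):
    """What a firewall must do in addition: walk into the IP and TCP/UDP headers."""
    l2 = parse_l2(frame)
    if l2["ethertype"] != ETHERTYPE_IPV4:
        return None  # not IP: there is nothing for an IP rule to match on
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    pkt = {
        "src_ip": fmt_ip(frame[14 + 12:14 + 16]),
        "dst_ip": fmt_ip(frame[14 + 16:14 + 20]),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "dst_port": None,
    }
    if proto in (6, 17):  # TCP and UDP both start with src port, dst port
        pkt["dst_port"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])[1]
    return pkt


def mac_filter(frame, blocked_macs):
    """Switch-style MAC block list: all traffic from a station, or none of it."""
    return "deny" if parse_l2(frame)["src_mac"] in blocked_macs else "permit"


def acl_filter(frame, rules):
    """Router/firewall-style ACL: ordered (src_ip, dst_ip, proto, dst_port, action)
    tuples, first match wins, implicit deny at the end; '*' matches anything."""
    pkt = parse_l3l4(frame)
    if pkt is None:
        return "deny"
    for src_ip, dst_ip, proto, dst_port, action in rules:
        if (src_ip in ("*", pkt["src_ip"]) and dst_ip in ("*", pkt["dst_ip"])
                and proto in ("*", pkt["proto"]) and dst_port in ("*", pkt["dst_port"])):
            return action
    return "deny"


def demo():
    """Same two hosts, two flows: web (tcp/80) and ssh (tcp/22), constructed data."""
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    web = build_frame(a, b, "192.0.2.10", "192.0.2.20", 40000, 80)
    ssh = build_frame(a, b, "192.0.2.10", "192.0.2.20", 40001, 22)
    blocked = {a}
    rules = [("192.0.2.10", "192.0.2.20", "tcp", 80, "permit")]
    return {
        "mac_web": mac_filter(web, blocked),  # deny: the station is blocked ...
        "mac_ssh": mac_filter(ssh, blocked),  # deny: ... so is everything it sends
        "acl_web": acl_filter(web, rules),    # permit: port 80 explicitly allowed
        "acl_ssh": acl_filter(ssh, rules),    # deny: port 22 hits the implicit deny
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The MAC filter never reads byte 14 onward, which is exactly why it cannot express "allow web but not ssh"; the ACL has to know the IPv4 header length to find the transport ports at all, which is the layer-3/4 knowledge a plain switch lacks.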
