Behavior of and Requirements for Internet Firewalls
Network Working Group N. Freed
Request for Comments: 2979 Sun
Category: Informational October 2000
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This memo defines behavioral characteristics of and interoperability
requirements for Internet firewalls. While most of these things may
seem obvious, current firewall behavior is often either unspecified
or underspecified and this lack of specificity often causes problems
in practice. This requirement is intended to be a necessary first
step in making the behavior of firewalls more consistent across
implementations and in line with accepted IP protocol practices.
1. Introduction
The Internet is being used for an increasing number of mission-critical
applications. Because of this, many sites find isolated
secure intranets insufficient for their needs, even when those
intranets are based on and use Internet protocols. Instead they find
it necessary to provide direct communications paths between the
sometimes hostile Internet and systems or networks which either deal
with valuable data, provide vital services, or both.
The security concerns that inevitably arise from such setups are
often dealt with by inserting one or more "firewalls" on the path
between the Internet and the internal network. A "firewall" is an
agent which screens network traffic in some way, blocking traffic it
believes to be inappropriate, dangerous, or both.
Note that firewall functions are disjoint from network address
translation (NAT) functions -- neither implies the other, although
sometimes both are provided by the same device. This document only
discusses firewall functions.