Re: Good Router/Firewall Combo

[Tony Miedaner <amiedane () appliedtheory com>]

Depends how you define stateful.

Is a portmap stateful?
Is a NAT table stateful?

I think the point here is that you really can't call this a firewall and
feel good about it.  If you wanna allow do some services that open return
data connections does that mean you need to allow everything above 1024
using a static filter?

Also depends on how you define firewall but that one is for greater minds.
To me a pair of dykes makes a great firewall.

At 12:48 AM 9/15/00 +1100, you wrote:
> In some email I received from myles () tenhand com, sie wrote:
> > This linksys is a great example of some of the things being sold as "home
> > firewalls". Very clever engineering, great hardware, good features,
> > excellent price, sketchy security. 
> >
> > The linksys box is a *stateless NAT* box. Think about it.
>
> Someone rang me up on the phone today and started talking to me about how
> they wanted to do stateless NAT.  They kept talking, I kept listening and
> eventually their thoughts arrived at the point where they realised that
> if you don't keep any state, NAT cannot work.  Well, except where your
> rules hold all your state and it is on a one to one basis (one IP# to one
> other IP# or one port to one other port, etc).  Otherwise, how do you know
> what to do with replies ?
>
> Darren
>
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards () nfr net
> http://www.nfr.net/mailman/listinfo/firewall-wizards
Tony Miedaner
Network Security Engineer
Network Engineering Unit
Appliedtheory Inc.
315-453-2912 x5863

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards