nanog mailing list archives
Re: High throughput bgp links using gentoo + stipped kernel
From: Phil Fagan <philfagan () gmail com>
Date: Mon, 20 May 2013 17:08:18 -0600
Just curious and perhaps off topic a tad but; is the stateful filtering of sessions on a router to replace a firewall? Or is there another reason to do it? I could see a benefit of creating blacklists, however, I'm struggling with what other benefits it would provide...service aware load-balancing? I'm very interested to learn what other strategies and or design considerations would be made with thinking of using filtering on a router. I'm perfectly willing to accept consolidation of services :-) On Mon, May 20, 2013 at 3:45 PM, Matt Palmer <mpalmer () hezmatt org> wrote:
On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:On 5/19/13 4:27 PM, Ben wrote:Do you actually need stateful filtering? A lot of people seem to think that it's important, when really they're accomplishing little from it, you can block ports etc without it.I believe PCI compliance requires it, other things like it probably dotoo. There'd be very few PCI compliant sites if PCI required stateful firewalling in core routers. - Matt
-- Phil Fagan Denver, CO 970-480-7618
Current thread:
- Re: High throughput bgp links using gentoo + stipped kernel, (continued)
- Re: High throughput bgp links using gentoo + stipped kernel William Herrin (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
- Message not available
- Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Matt Palmer (May 19)
- RE: High throughput bgp links using gentoo + stipped kernel MailPlus| David Hofstee (May 21)
- Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Seth Mattinen (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Valdis . Kletnieks (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Matt Palmer (May 20)
- Re: High throughput bgp links using gentoo + stipped kernel Phil Fagan (May 20)
- Re: High throughput bgp links using gentoo + stipped kernel Justin M. Streiner (May 21)
- Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel joel jaeggli (May 20)
- Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Zachary Giles (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Phil Fagan (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)