Firewall Wizards mailing list archives
Re: Good Router/Firewall Combo
From: Tony Miedaner <amiedane () appliedtheory com>
Date: Thu, 14 Sep 2000 12:55:53 -0400
Depends how you define stateful. Is a portmap stateful? Is a NAT table stateful? I think the point here is that you really can't call this a firewall and feel good about it. If you wanna allow do some services that open return data connections does that mean you need to allow everything above 1024 using a static filter? Also depends on how you define firewall but that one is for greater minds. To me a pair of dykes makes a great firewall. At 12:48 AM 9/15/00 +1100, you wrote:
In some email I received from myles () tenhand com, sie wrote:This linksys is a great example of some of the things being sold as "home firewalls". Very clever engineering, great hardware, good features, excellent price, sketchy security. The linksys box is a *stateless NAT* box. Think about it.Someone rang me up on the phone today and started talking to me about how they wanted to do stateless NAT. They kept talking, I kept listening and eventually their thoughts arrived at the point where they realised that if you don't keep any state, NAT cannot work. Well, except where your rules hold all your state and it is on a one to one basis (one IP# to one other IP# or one port to one other port, etc). Otherwise, how do you know what to do with replies ? Darren _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Tony Miedaner Network Security Engineer Network Engineering Unit Appliedtheory Inc. 315-453-2912 x5863 _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: Good Router/Firewall Combo Frank R. Boecherer (Sep 12)
- RE: Good Router/Firewall Combo Patrick Darden (Sep 12)
- Re: Good Router/Firewall Combo Marie Rubio (Sep 12)
- Re: Good Router/Firewall Combo kj (Sep 25)
- <Possible follow-ups>
- RE: Good Router/Firewall Combo BOVO Marcelo DICAU (Sep 13)
- Re: Good Router/Firewall Combo Tony Miedaner (Sep 16)