Re: IPv6 support in firewalls

["Behm, Jeffrey L." <BehmJL () bv com>]

How many end users of IT can tell you what a "stateful filter set up for

outbound connections only" is, much less set it up?

On Monday, August 27, 2007 1:53 PM ArkanoiD wrote:

> Well, stateful filter set up for outbound connections only is
> exactly equivalent to NAT device. It is even better because
> there are no moronic "UPNP" things that could be accidentally left
> turned on..
>
> On Mon, Aug 27, 2007 at 09:40:33AM -0500, Behm, Jeffrey L. wrote:
> > On Monday, August 27, 2007 2:31 AM, Patrick M. Hausen wrote: 
> >
> > Snipped out the discussion about why IPv6 should be deployed to 
> > every device, even those "inside the firewall" and that NAT should
> > be killed...
> >
> > > First you should not rely on NAT as a security measure, anyway,
> > > because it isn't.
> >
> > For a security-conscious IT professional, this may be a true
statement.
> > But, for the vast majority of end users of IT, given the choice of a 
> > Hardware NAT device vs. nothing for security, I'll pick the hardware
> > NAT device every time.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards