nanog mailing list archives
Re: ACLs vs. full firewalls
From: Nathan Ward <nanog () daork net>
Date: Wed, 8 Apr 2009 10:46:11 +1200
On 8/04/2009, at 10:32 AM, Karl Auer wrote:
I'd be interested to hear why people use firewalls. I've never felt theneed, myself - am I living in a fool's paradise?
End hosts are not always trustworthy.If a host is compromised, should it be able to send anything and everything out to the public network? If a host is a desktop PC controlled by an end user, should it be able to send and receive anything it wants?
IMO, host based filtering and ACLs (either firewalls or router ACLs or whatever) in the network should both be used. They fulfil different needs.
-- Nathan Ward
Current thread:
- ACLs vs. full firewalls Michael Helmeste (Apr 07)
- Re: ACLs vs. full firewalls Justin M. Streiner (Apr 07)
- Re: ACLs vs. full firewalls Eric Gauthier (Apr 07)
- Re: ACLs vs. full firewalls Michael Helmeste (Apr 07)
- Re: ACLs vs. full firewalls Matthew Petach (Apr 07)
- Re: ACLs vs. full firewalls Mark Smith (Apr 07)
- Re: ACLs vs. full firewalls Karl Auer (Apr 07)
- Re: ACLs vs. full firewalls Nathan Ward (Apr 07)
- Re: ACLs vs. full firewalls Karl Auer (Apr 07)
- Re: ACLs vs. full firewalls Steven M. Bellovin (Apr 07)
- Re: ACLs vs. full firewalls Karl Auer (Apr 07)
- Re: ACLs vs. full firewalls Ravi Pina (Apr 15)
- RE: ACLs vs. full firewalls TJ (Apr 15)
- Re: ACLs vs. full firewalls ubaidali_abdul_razack (Apr 07)