nanog mailing list archives

Re: Requirements for IPv6 Firewalls


From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 18 Apr 2014 23:29:40 -0400

On 4/18/2014 10:10 PM, Dobbins, Roland wrote:
> On Apr 19, 2014, at 9:04 AM, Jeff Kell <jeff-kell () utc edu> wrote:
>
>> It's how we provide access control.
>
> Firewalls <> 'access control'.
>
> Firewalls are one (generally, very poor and grossly misused) way of providing access control.  They're often wedged in where stateless ACLs in hardware-based routers and/or layer-3 switches would do a much better job, such as in front of servers:

I call BS...  what do you expect closes the gap, host firewalls?  Most
3rd party crap has no firewalls and gets no specific rules for local
LANs or authorized users.

Firewalls are front-line defense, for the crap that is too generic /
misconfigured to protect itself.  And there are tons of these.

Anyone ever pentested you?  It's an enlightening experience.

Jeff


