[arin-discuss] Trying to Understand IPV6
Joel Jaeggli
joelja at bogus.com
Tue Sep 14 11:08:07 EDT 2010
On 9/13/10 2:51 PM, Owen DeLong wrote:
>
> On Sep 13, 2010, at 2:13 PM, Mike Lieberman wrote:
>
>> Matthew! Good heavens, no technology is the panacea. Yes with
>> NAT/CiscoASA5500/and AV software my 12 yo daughter does a fine job of making a
>> mess on her PC... But to suggest that NATs don't knock down a huge amount of
>> unwanted traffic is simply unrealistic.
>>
>> Stateful firewalls can only knock down what they are looking for. Yes proper
>> rules the in/out traffic with internal public IP can work nicely, but they are
>> far more susceptible to really bad results if done wrong...
>>
> Huh? No.
>
> A properly configured stateful firewall knocks down everything that isn't a
> specifically permitted flow.
which it should be noted requires only one rule.
deny all inbound not established
More information about the ARIN-discuss
mailing list