[arin-discuss] Trying to Understand IPV6
Owen DeLong
owen at delong.com
Tue Sep 14 13:11:11 EDT 2010
On Sep 14, 2010, at 8:08 AM, Joel Jaeggli wrote:
> On 9/13/10 2:51 PM, Owen DeLong wrote:
>>
>> On Sep 13, 2010, at 2:13 PM, Mike Lieberman wrote:
>>
>>> Matthew! Good heavens, no technology is the panacea. Yes with
>>> NAT/CiscoASA5500/and AV software my 12 yo daughter does a fine job of making a
>>> mess on her PC... But to suggest that NATs don't knock down a huge amount of
>>> unwanted traffic is simply unrealistic.
>>>
>>> Stateful firewalls can only knock down what they are looking for. Yes proper
>>> rules the in/out traffic with internal public IP can work nicely, but they are
>>> far more susceptible to really bad results if done wrong...
>>>
>> Huh? No.
>>
>> A properly configured stateful firewall knocks down everything that isn't a
>> specifically permitted flow.
>
> which it should be noted requires only one rule.
>
> deny all inbound not established
>
On a proper stateful firewall, this rule is not required. It is implicit and all other
rules implement exceptions to this rule.
Owen
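The behaviour discussed in this thread, as an added illustration that is not part of any poster's message: a minimal Python model of a stateful filter protecting publicly addressed IPv6 hosts with no NAT, where the only configured rule is one exception and the drop of unsolicited inbound traffic is the implicit default. The prefixes, hosts and ports are constructed from the IPv6 documentation range, and the state table is simplified to exact 5-tuple matching with no TCP state or timeouts.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    inside: str                                    # protected prefix (constructed)
    exceptions: set = field(default_factory=set)   # permitted inbound (dst, dport, proto)
    flows: set = field(default_factory=set)        # state table of known flows

    def is_inside(self, addr):
        return ipaddress.ip_address(addr) in ipaddress.ip_network(self.inside)

    def verdict(self, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if self.is_inside(src):                    # outbound: accept and record state
            self.flows.add(flow)
            return "accept"
        if reverse in self.flows or flow in self.flows:
            return "accept"                        # belongs to an established flow
        if (dst, dport, proto) in self.exceptions:
            self.flows.add(flow)                   # explicitly permitted new inbound flow
            return "accept"
        return "drop"                              # implicit default, no rule written for it

def demo():
    # Constructed sample: one exception for inbound SMTP to a mail host.
    fw = StatefulFirewall("2001:db8:1::/48", {("2001:db8:1::25", 25, "tcp")})
    host, mail, remote = "2001:db8:1::10", "2001:db8:1::25", "2001:db8:ffff::1"
    return [
        fw.verdict("tcp", remote, 443, host, 50000),   # unsolicited inbound
        fw.verdict("tcp", host, 50000, remote, 443),   # outbound creates state
        fw.verdict("tcp", remote, 443, host, 50000),   # reply to that flow
        fw.verdict("tcp", remote, 444, host, 50000),   # same peer, different source port
        fw.verdict("tcp", remote, 40000, mail, 25),    # matches the exception
        fw.verdict("tcp", remote, 40000, mail, 22),    # no exception for this port
    ]

if __name__ == "__main__":
    print(demo())
```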