[fw-wiz] Good Router/Firewall Combo

Tony Miedaner amiedane@appliedtheory.com
Thu, 14 Sep 2000 12:55:53 -0400

Depends how you define stateful.

Is a portmap stateful?
Is a NAT table stateful?

I think the point here is that you really can't call this a firewall and
feel good about it.  If you wanna allow do some services that open return
data connections does that mean you need to allow everything above 1024
using a static filter?

Also depends on how you define firewall but that one is for greater minds.
To me a pair of dykes makes a great firewall.

At 12:48 AM 9/15/00 +1100, you wrote:
>In some email I received from myles@tenhand.com, sie wrote:
>> This linksys is a great example of some of the things being sold as "home
>> firewalls". Very clever engineering, great hardware, good features,
>> excellent price, sketchy security. 
>> The linksys box is a *stateless NAT* box. Think about it.
>Someone rang me up on the phone today and started talking to me about how
>they wanted to do stateless NAT.  They kept talking, I kept listening and
>eventually their thoughts arrived at the point where they realised that
>if you don't keep any state, NAT cannot work.  Well, except where your
>rules hold all your state and it is on a one to one basis (one IP# to one
>other IP# or one port to one other port, etc).  Otherwise, how do you know
>what to do with replies ?
