[fw-wiz] Good Router/Firewall Combo
Thu, 14 Sep 2000 12:55:53 -0400
Depends how you define stateful.
Is a portmap stateful?
Is a NAT table stateful?
I think the point here is that you really can't call this a firewall and
feel good about it. If you wanna allow some services that open return
data connections, does that mean you need to allow everything above 1024
using a static filter?
Also depends on how you define firewall but that one is for greater minds.
To me a pair of dykes makes a great firewall.
At 12:48 AM 9/15/00 +1100, you wrote:
>In some email I received from email@example.com, sie wrote:
>> This Linksys is a great example of some of the things being sold as "home
>> firewalls". Very clever engineering, great hardware, good features,
>> excellent price, sketchy security.
>> The Linksys box is a *stateless NAT* box. Think about it.
>Someone rang me up on the phone today and started talking to me about how
>they wanted to do stateless NAT. They kept talking, I kept listening and
>eventually their thoughts arrived at the point where they realised that
>if you don't keep any state, NAT cannot work. Well, except where your
>rules hold all your state and it is on a one to one basis (one IP# to one
>other IP# or one port to one other port, etc). Otherwise, how do you know
>what to do with replies?
Network Security Engineer
Network Engineering Unit
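
Added example, not part of the original messages: a small Python model of the two approaches discussed in this thread, a static "allow everything above 1024" filter next to a many-to-one NAT that records outbound flows and matches replies against them. All names, addresses, and ports are constructed for illustration.

```python
# Constructed model: a packet is a (src_ip, src_port, dst_ip, dst_port) tuple.
INSIDE = "192.168.1.10"   # constructed inside host
PUBLIC = "203.0.113.1"    # constructed public address (documentation range)

def static_filter_allows(pkt):
    """Stateless rule: admit any inbound packet to a port above 1024."""
    _, _, dst_ip, dst_port = pkt
    return dst_ip == PUBLIC and dst_port > 1024

class StatefulNat:
    """Many-to-one port translation; replies must match a recorded flow."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # outbound 4-tuple -> allocated public port
        self.back = {}  # (public port, remote ip, remote port) -> inside (ip, port)

    def outbound(self, pkt):
        src_ip, src_port, dst_ip, dst_port = pkt
        if pkt not in self.out:
            self.out[pkt] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[pkt], dst_ip, dst_port)

    def inbound(self, pkt):
        src_ip, src_port, dst_ip, dst_port = pkt
        inside = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or inside is None:
            return None  # no matching flow, so there is nowhere to send it
        return (src_ip, src_port, inside[0], inside[1])

def demo():
    nat = StatefulNat(PUBLIC)
    sent = nat.outbound((INSIDE, 51000, "198.51.100.7", 80))
    reply = (sent[2], sent[3], sent[0], sent[1])            # genuine reply
    unsolicited = ("198.51.100.99", 4444, PUBLIC, sent[1])  # same port, other peer
    return {
        "reply_static": static_filter_allows(reply),
        "reply_stateful": nat.inbound(reply),
        "unsolicited_static": static_filter_allows(unsolicited),
        "unsolicited_stateful": nat.inbound(unsolicited),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The static filter cannot tell the genuine reply from the unsolicited packet, and even when it admits a packet it has no way to pick the inside host; the flow table answers both questions.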