[120173] in North American Network Operators' Group
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
daemon@ATHENA.MIT.EDU (Chris Adams)
Fri Dec 11 09:12:32 2009
Date: Fri, 11 Dec 2009 08:10:57 -0600
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@nanog.org
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>, nanog@nanog.org
In-Reply-To: <200912111336.nBBDadtt073162@aurora.sol.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Once upon a time, Joe Greco <jgreco@ns.sol.net> said:
> Everyone knows a NAT gateway isn't really a firewall, except more or less
> accidentally. There's no good way to provide a hardware firewall in an
> average residential environment that is not a disaster waiting to happen.
I don't think hardware vs. software makes a "real" firewall. A NAT
gateway has to have all the basic functionality of a stateful firewall,
plus packet mangling. Typical home NAT gateways don't have all the
configurability of an SSG or such, but the same basic functionality is
there.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
