[120899] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Ryan Brooks)
Wed Jan 6 00:14:38 2010
Date: Tue, 05 Jan 2010 23:14:05 -0600
From: Ryan Brooks <ryan@hack.net>
To: nanog@nanog.org
In-Reply-To: <alpine.DEB.1.10.1001051609340.23901@castor.opentrend.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 1/5/10 3:24 PM, Robert Brockway wrote:
> On Tue, 5 Jan 2010, Dobbins, Roland wrote:
>
> The problem is that your premise is wrong. Stateful firewalls
> (hereafter just called firewalls) offer several advantages. This list
> is not necessarily exhaustive.
>
Great advantages list, but where's the disadvantages list?
Here's mine:
1..n) Stateful firewalls go down. It's the very nature of what they
do. If you haven't had this problem, then your application is small.
Everyone needs to listen to Roland's mantra: "stateless ACLs in hardware
that can handle Mpps". It's more than just a hint.